Pretty URLs, Apache and .htaccess
Posted: Tue Jun 24, 2014 2:15 am
Pretty URL's appear to need a .htaccess file. However, Apache states that such is not the preferred method of access control.
Please compare:
And worse, security improvements appear to require the use of mod_rewrite in a .htaccess file.
Does anyone have any thoughts on this situation? Which is the best process and combination over all? Doesn't security demand certain steps no matter what?
Sometimes simple subjects appear so confusing. Is there a consensus on these things?
For other references, please see:
http://blog.arvixe.com/easy-steps-for-s ... tallation/
http://blog.arvixe.com/is-your-cms-made ... roduction/
Please compare:
from http://httpd.apache.org/docs/2.0/howto/htaccess.htmlIn general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things.
from http://docs.cmsmadesimple.org/configuration/pretty-urlStep 1
Copy the file "htaccess.txt" from the doc folder to the root of your website.
Rename the file to ".htaccess" (Note the dot in front of htaccess).
The htaccess.txt file distributed with CMSMS contains other optimizations that are often useful for production websites. It may be useful to read this file and understand its contents.
And worse, security improvements appear to require the use of mod_rewrite in a .htaccess file.
Does anyone have any thoughts on this situation? Which is the best process and combination over all? Doesn't security demand certain steps no matter what?
Sometimes simple subjects appear so confusing. Is there a consensus on these things?
For other references, please see:
http://blog.arvixe.com/easy-steps-for-s ... tallation/
http://blog.arvixe.com/is-your-cms-made ... roduction/