Move htaccess rules to apache configuration files

Question

I'm running a website with Joomla on a dedicated server (Debian), and i've read that moving .htaccess rules to apache2 configuration files may result in a good performance improvement (Apache HTTP Server Tutorial: .htaccess files).

Main configuration file in /etc/apache2: apache2.conf

In apache2.conf there are, among other directives that i'am able to understand:

AccessFileName .htaccess

and

Include sites-enabled/

The server hosts just one website. In sites-enabled there is another file including additional directives, 000-default:

 DocumentRoot /var/www
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>

Running a "locate .htaccess" through shell returns some results: 2 files under /usr/share/phpmyadmin/ and other results under the directories for the website: /var/www.

I've read how to use Directory block to include htaccess rules into an apache configuration file, but i've mainly three doubts:

1) Where should i insert htaccess rules, in apache2.conf or in 000-default?

2) As the performance improvements are due to apache lookups reduction for htaccess files in the main directory and in subdirectories, which directive should i modify?

AccessFileName .htaccess

or

AllowOverride All

or both? And about AllowOverride All, in which Directory block in 000-default?

3) After disabling AllowOverride All, shall i include the directives of htaccess for /usr/share/phpmyadmin too, even with DocumentRoot /var/www instruction?

Answer 1

To answer question 1, two answers:

1) it doesn't matter. The files are merged into a single in-memory configuration at startup. Put configuration where it makes the most sense to you, the server administrator. To quote the IRC bot on #httpd:

All configuration files are created equal. It does not matter which of the configuration files you put the directive in. What does matter is whether you put it in the appropriate section ( or , for example). Put directives somewhere that makes sense to you, and where you will be able to find them next time.

2) Probably put it in the virtual host, (ie, in 000-default, inside the block, because that's probably where it makes the most sense, and will apply to the scope where you want it.

Question 2: Change 'AllowOverride All' to 'AllowOverride None'. Also, never, ever, set 'AllowOverride All' in as you have there in your example. That says "turn on .htaccess files for the entire file system, which is clearly not what you want, for reasons both of security and performance. So even when you're using .htaccess files for something, it should still be set to 'None' in . Remember, refers to the actual filesystem directory '/', not your web document root directory.

Question 3: Once you set 'AllowOverride None', .htaccess files will be completely ignored. Any directives should thus be moved to the main config. However, I'm not entirely clear what you're asking in question 3. Can you elaborate?