Server people: htaccess/htpasswd question - GoFuckYourself.com

Gillespie · 09-04-2007, 03:50 PM

Is there a limit of entries that either of these files can have?

Someone told me that htaccess got fucked up when it reached 2000 entries. is this so?

Gillespie · 09-04-2007, 04:16 PM

Bump for a quick answer.

zagi · 09-04-2007, 04:44 PM

.htaccess is used to setup rules, and each rule takes up CPU processing power.

There is no limit but you definitely want to keep your rules as small as possible.

I think you're referring to .htpasswd used to store the username/password for a members area. In this case there is also no limit and very little CPU power is necessary to have a large file, 50,000+ entries.

So remember .htaccess rules - keep it small

.htpasswd users - grow it large and pro$per!

Gillespie · 09-04-2007, 05:02 PM

Thanks! Yes, I was referring to htpasswd.

You've cleared my doubts.

million · 09-04-2007, 05:18 PM

if you will have thousands of entries have your admin setup mod_auth_mysql, its an apache module to store apache users in a MySQL database instead of htpasswd file.

good luck

Gillespie · 09-04-2007, 05:24 PM

Won't this use even more resources? Also, if I choose to implement this, then I can actually use CAPTCHA's for my member's areas?

Tempest · 09-04-2007, 05:59 PM

Quote:

Originally Posted by zagi

.htaccess is used to setup rules, and each rule takes up CPU processing power.

There is no limit but you definitely want to keep your rules as small as possible.

Had a site that was getting probably 200k-300k page views a day and had some auto deny stuff putting IPs into the htaccess.. Whenever it got up to around 50k-70kin size, there would be significant slow downs..

People forget that htaccess is loaded/checked for every single hit. Anything that is permanent should be put into the server config file instead so it's only loaded once. Most of my sites don't even have a .htaccess anymore.

emichele20 · 09-04-2007, 06:00 PM

try the cgi password script in my siggy..

raymor · 09-05-2007, 11:36 AM

The .htpasswd file is read for every hit unless of course you're using Strongbox
to properly seperate authentication from authorization, so once you get beyond
several hundred members you probably want to move away from 1999 technology.
You can use a database with mod_auth_mysql, but instead I'd just use Strongbox,
which doesn't have to read the password file for each hit so you can keep using
the file or you can use a database with Strongbox. After about 5,000 members
or so I'd definitely combine Strongbox with a database.

09-04-2007, 03:50 PM	#1
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	Server people: htaccess/htpasswd question Is there a limit of entries that either of these files can have? Someone told me that htaccess got fucked up when it reached 2000 entries. is this so? __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

09-04-2007, 04:16 PM	#2
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	Bump for a quick answer. __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

09-04-2007, 04:44 PM	#3
zagi Confirmed User Join Date: Jan 2004 Posts: 1,238	.htaccess is used to setup rules, and each rule takes up CPU processing power. There is no limit but you definitely want to keep your rules as small as possible. I think you're referring to .htpasswd used to store the username/password for a members area. In this case there is also no limit and very little CPU power is necessary to have a large file, 50,000+ entries. So remember .htaccess rules - keep it small .htpasswd users - grow it large and pro$per! __________________ Managed US/NL Hosting [ [Reality Check Network ] Dell XEON Servers + 1/2/3 TB Packages ICQ: 4-930-562

09-04-2007, 05:02 PM	#4
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	Thanks! Yes, I was referring to htpasswd. You've cleared my doubts. __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

09-04-2007, 05:18 PM	#5
million Confirmed User Join Date: Apr 2006 Location: Pornyland Posts: 789	if you will have thousands of entries have your admin setup mod_auth_mysql, its an apache module to store apache users in a MySQL database instead of htpasswd file. good luck __________________ <sig spot goes here>

09-04-2007, 05:24 PM	#6
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	Won't this use even more resources? Also, if I choose to implement this, then I can actually use CAPTCHA's for my member's areas? __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

09-04-2007, 06:00 PM	#8
emichele20 Confirmed User Join Date: Apr 2007 Location: PA Posts: 574	try the cgi password script in my siggy.. __________________ Need Password Protection for Your Site?? Need Website Hosting??

09-05-2007, 11:36 AM	#9
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	The .htpasswd file is read for every hit unless of course you're using Strongbox to properly seperate authentication from authorization, so once you get beyond several hundred members you probably want to move away from 1999 technology. You can use a database with mod_auth_mysql, but instead I'd just use Strongbox, which doesn't have to read the password file for each hit so you can keep using the file or you can use a database with Strongbox. After about 5,000 members or so I'd definitely combine Strongbox with a database. __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids