Hypertext access, or .htaccess files, allow you to change the Apache configuration on a by directory basis. However, you should always use the main server configuration file to do configuration changes whenever possible. This is because when Apache is configured to process .htaccess files it looks at every directory underneath the current directory to see if there are any files present, resulting in a slightly longer page load time. Although this might not be noticeable with low traffic levels, at high traffic levels it can cause sites to slow down. You should therefore use .htaccess files only when the main server configuration file (http.conf) is inaccessible.
To increase performance you can use the AllowOverride directive in your top level directory, or any directory who's subdirectories do not use .htaccess files. This will stop Apache from searching through all sub directories.
Having .htaccess files can also be a security problem. In order to stop anyone writing to your .htaccess files you must set the permissions at "644". This allows universal read access and user-only write access. You should also make sure that your Apache configuration contains the following lines that will stop external access to your .htaccess files.
- <Files .htaccess>
- order allow,deny
- deny from all