Is it safe to modify a .htaccess file in PHP?

In my .htaccess file, I use variables (SetEnv) to toggle ON/OFF the website when I do updates, is it safe or is it even possible to mo开发者_运维知识库dify that .htaccess file via a PHP script ?

To be more specific, I need to comment/un-comment those lines:

#RewriteCond %{REMOTE_ADDR} !LOCALIPHERE
#RewriteCond %{REQUEST_URI} !^/Site/maintenance.htm
#RewriteCond %{REQUEST_URI} !^/Site/styles/style.css
#RewriteCond %{REQUEST_URI} !^/Site/includes/jquery-1.4.4.min.js
#RewriteCond %{REQUEST_URI} !\.(jpg|jpeg|png|gif|swf)$
#RewriteRule ^.* /Site/maintenance.htm [L]

Thank you

Edit:

My definition of safe is: I would like to know how the site will behave if the .htaccess file is opened by a PHP script and the website is being visited in the same time.

If the file is writable by the PHP process it can be modified like every other file.

However, instead of commenting/uncommenting your code you should use a RewriteCond checking your env var.

I would gauge the "safe to modify" under the consideration if it is reliable to do so - without introducing syntax errors. To accomplish that I would recommend you use more specific comment tokens:

#<off>#RewriteCond %{RE...

That's safer to scan for and replace using simple string manipulation, thus reducing the likelihood of causing a 500 error on modifying .htaccess files. If you have different types of settings you want to enable/disable, then use multiple more specific tokens.

Regarding security itself, having them world-writable has the same implications has having world-writable php scripts or configuration files.

As long as you know, what you are doing, its safe. However, if you edit the file manually and doesnt reflect this situation in your script, it is quite easy to break it.