Apache has a special module, known as mod_access, that allows you to place files called .htaccess in directories and have them specify authentication information required for that directory. While this is a nice and easy way to solve the issue of stopping unauthorised users access places they shouldn't, it's not very fast.
Mod_access works by looking for a .htaccess file in the directory requested by the user. If it finds it, it loads it and uses it. If not, it goes to the parent directory and looks there. If there's nothing there, it goes to the parent directory of the parent directory, then to the parent of the parent of the parent, etc, until it can go no further. If you don't actually use .htaccess files, all this checking is pointless - and it needs to be done every time a page is requested on your server.
The best way to get around this problem is just to disable mod_access outright, but if you simply have to have it then the only thing I can recommend is that you don't have too many subdirectories - if you have a maximum of two subdirectories, there are only two checks per request, but if you have six subdirectories (such as /html/newsite/images/gnome/highquality/zipped) then the workload is tripled!
Copyright 2012 Future Publishing Limited (company
registered number 2008885), a company registered
in England and Wales whose registered office is at