diff --git a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
index 531c71854dd..9f6c0db3559 100644
--- a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
+++ b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
@@ -678,6 +678,7 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
 
     protected VmDataCommand generateVmDataCommand() {
         VmDataCommand cmd = new VmDataCommand("10.1.10.4", "i-4-VM", true);
+        // if you add new metadata files, also edit systemvm/patches/debian/config/var/www/html/latest/.htaccess
         cmd.addVmData("userdata", "user-data", "user-data");
         cmd.addVmData("metadata", "service-offering", "serviceOffering");
         cmd.addVmData("metadata", "availability-zone", "zoneName");
diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalPxeManagerImpl.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalPxeManagerImpl.java
index 261534a3dd9..353975ba175 100755
--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalPxeManagerImpl.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalPxeManagerImpl.java
@@ -200,6 +200,7 @@ public class BaremetalPxeManagerImpl extends ManagerBase implements BaremetalPxe
         String zoneName = _dcDao.findById(vm.getDataCenterId()).getName();
         NicVO nvo = _nicDao.findById(nic.getId());
         VmDataCommand cmd = new VmDataCommand(nvo.getIp4Address(), vm.getInstanceName(), _ntwkModel.getExecuteInSeqNtwkElmtCmd());
+        // if you add new metadata files, also edit systemvm/patches/debian/config/var/www/html/latest/.htaccess
         cmd.addVmData("userdata", "user-data", vm.getUserData());
         cmd.addVmData("metadata", "service-offering", StringUtils.unicodeEscape(serviceOffering));
         cmd.addVmData("metadata", "availability-zone", StringUtils.unicodeEscape(zoneName));
diff --git a/server/src/com/cloud/network/element/CloudZonesNetworkElement.java b/server/src/com/cloud/network/element/CloudZonesNetworkElement.java
index 55cd5fa5cad..64a8cec3b81 100644
--- a/server/src/com/cloud/network/element/CloudZonesNetworkElement.java
+++ b/server/src/com/cloud/network/element/CloudZonesNetworkElement.java
@@ -152,7 +152,7 @@ public class CloudZonesNetworkElement extends AdapterBase implements NetworkElem
     private VmDataCommand generateVmDataCommand(String vmPrivateIpAddress, String userData, String serviceOffering, String zoneName, String guestIpAddress,
         String vmName, String vmInstanceName, long vmId, String vmUuid, String publicKey) {
         VmDataCommand cmd = new VmDataCommand(vmPrivateIpAddress, vmName, _networkMgr.getExecuteInSeqNtwkElmtCmd());
-
+        // if you add new metadata files, also edit systemvm/patches/debian/config/var/www/html/latest/.htaccess
         cmd.addVmData("userdata", "user-data", userData);
         cmd.addVmData("metadata", "service-offering", serviceOffering);
         cmd.addVmData("metadata", "availability-zone", zoneName);
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 2363841d364..c165a7e329f 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -854,7 +854,7 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
 
         final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
         cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
-
+        // if you add new metadata files, also edit systemvm/patches/debian/config/var/www/html/latest/.htaccess
         cmd.addVmData("userdata", "user-data", userData);
         cmd.addVmData("metadata", "service-offering", StringUtils.unicodeEscape(serviceOffering));
         cmd.addVmData("metadata", "availability-zone", StringUtils.unicodeEscape(zoneName));
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py b/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py
index a44c134ffca..30f2705c389 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py
@@ -6,9 +6,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
-# 
+#
 #   http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -64,7 +64,7 @@ def main(argv):
                 deletefile(ip, folder, file)
             else:
                 createfile(ip, folder, file, data)
-    
+
     if fpath != '':
         fh.close()
         os.remove(fpath)
@@ -77,7 +77,7 @@ def deletefile(ip, folder, file):
 
 def createfile(ip, folder, file, data):
     dest = "/var/www/html/" + folder + "/" + ip + "/" + file
-    metamanifestdir = "/var/www/html/" + folder + "/" + ip 
+    metamanifestdir = "/var/www/html/" + folder + "/" + ip
     metamanifest =  metamanifestdir + "/meta-data"
 
     # base64 decode userdata
@@ -105,7 +105,7 @@ def createfile(ip, folder, file, data):
                 sys.exit(1)
         if os.path.exists(metamanifest):
             fh = open(metamanifest, "r+a")
-            exflock(fh) 
+            exflock(fh)
             if not file in fh.read():
                 fh.write(file + '\n')
             unflock(fh)
@@ -121,33 +121,6 @@ def createfile(ip, folder, file, data):
         os.chmod(metamanifest, 0644)
 
 def htaccess(ip, folder, file):
-    entry = "RewriteRule ^" + file + "$  ../" + folder + "/%{REMOTE_ADDR}/" + file + " [L,NC,QSA]"
-    htaccessFolder = "/var/www/html/latest"
-    htaccessFile = htaccessFolder + "/.htaccess"
-
-    try:
-        os.mkdir(htaccessFolder,0755)
-    except OSError as e:
-        # error 17 is already exists, we do it this way for concurrency
-        if e.errno != 17:
-            print "failed to make directories " + htaccessFolder + " due to :" +e.strerror
-            sys.exit(1)
-
-    if os.path.exists(htaccessFile):
-        fh = open(htaccessFile, "r+a")
-        exflock(fh)
-        if not entry in fh.read():
-            fh.write(entry + '\n')
-        unflock(fh) 
-        fh.close()
-    else:
-        fh = open(htaccessFile, "w")
-        exflock(fh)
-        fh.write("Options +FollowSymLinks\nRewriteEngine On\n\n")  
-        fh.write(entry + '\n')
-        unflock(fh)
-        fh.close()
-
     entry="Options -Indexes\nOrder Deny,Allow\nDeny from all\nAllow from " + ip
     htaccessFolder = "/var/www/html/" + folder + "/" + ip
     htaccessFile = htaccessFolder+"/.htaccess"
@@ -166,24 +139,6 @@ def htaccess(ip, folder, file):
     unflock(fh)
     fh.close()
 
-    if folder == "metadata" or folder == "meta-data":
-        entry = "RewriteRule ^meta-data/(.+)$  ../" + folder + "/%{REMOTE_ADDR}/$1 [L,NC,QSA]"
-        htaccessFolder = "/var/www/html/latest"
-        htaccessFile = htaccessFolder + "/.htaccess"
-
-        fh = open(htaccessFile, "r+a")
-        exflock(fh)
-        if not entry in fh.read():
-            fh.write(entry + '\n')
-
-        entry = "RewriteRule ^meta-data/?$  ../" + folder + "/%{REMOTE_ADDR}/meta-data [L,NC,QSA]"
-
-        fh.seek(0)
-        if not entry in fh.read():
-            fh.write(entry + '\n')
-        unflock(fh)
-        fh.close()
-
 def exflock(file):
     try:
         flock(file, LOCK_EX)
@@ -191,7 +146,7 @@ def exflock(file):
         print "failed to lock file" + file.name + " due to : " + e.strerror
         sys.exit(1)
     return True
-    
+
 def unflock(file):
     try:
         flock(file, LOCK_UN)
diff --git a/systemvm/patches/debian/config/var/www/html/latest/.htaccess b/systemvm/patches/debian/config/var/www/html/latest/.htaccess
index 038a4c933cf..5c9da02887a 100644
--- a/systemvm/patches/debian/config/var/www/html/latest/.htaccess
+++ b/systemvm/patches/debian/config/var/www/html/latest/.htaccess
@@ -1,5 +1,24 @@
-Options +FollowSymLinks  
+Options +FollowSymLinks
 RewriteEngine On
-#RewriteBase /
 
-RewriteRule ^user-data$  ../userdata/%{REMOTE_ADDR}/user-data [L,NC,QSA]
+#http://<routerIP>/latest/user-data  and .../user-data/  (both yield user-data file)
+#http://<routerIP>/latest/meta-data and .../meta-data/   (dir listing of meta-data)
+RewriteRule ^user-data/?$  ../userdata/%{REMOTE_ADDR}/user-data [L,NC,QSA]
+RewriteRule ^meta-data/?$  ../metadata/%{REMOTE_ADDR}/meta-data [L,NC,QSA]
+
+#http://<routerIP/latest/meta-data/foo and .../foo/  (yield metadata/$IP/foo)
+RewriteRule ^meta-data/(.+[^/])/?$  ../metadata/%{REMOTE_ADDR}/$1 [L,NC,QSA]
+
+#http://<routerIP>/latest/foo and .../foo/ (yield metadata/$IP/foo)
+#are these used?
+RewriteRule ^availability-zone/?$  ../metadata/%{REMOTE_ADDR}/availability-zone [L,NC,QSA]
+RewriteRule ^cloud-identifier/?$  ../metadata/%{REMOTE_ADDR}/cloud-identifier [L,NC,QSA]
+RewriteRule ^instance-id/?$  ../metadata/%{REMOTE_ADDR}/instance-id [L,NC,QSA]
+RewriteRule ^local-hostname/?$  ../metadata/%{REMOTE_ADDR}/local-hostname [L,NC,QSA]
+RewriteRule ^local-ipv4/?$  ../metadata/%{REMOTE_ADDR}/local-ipv4 [L,NC,QSA]
+RewriteRule ^public-hostname/?$  ../metadata/%{REMOTE_ADDR}/public-hostname [L,NC,QSA]
+RewriteRule ^public-ipv4/?$  ../metadata/%{REMOTE_ADDR}/public-ipv4 [L,NC,QSA]
+RewriteRule ^public-keys/?$  ../metadata/%{REMOTE_ADDR}/public-keys [L,NC,QSA]
+RewriteRule ^service-offering/?$  ../metadata/%{REMOTE_ADDR}/service-offering [L,NC,QSA]
+RewriteRule ^vm-id/?$  ../metadata/%{REMOTE_ADDR}/vm-id [L,NC,QSA]
+