Overview
.htaccess files are used to control behaviors of applications by overriding global server configuration. Any Passenger-based application, which includes Node, Python, and Ruby, will stop processing rules beyond the document root, often noted by convention as public/.
Cause
Passenger is managed by a separate facility that immediately takes control of the request once Apache detects that the document root is a Passenger application. Existing .htaccess directives, if provided in the document root, are applied; however, any directives that lie below the document root (often noted as public/) are not inherited by design.
This is reflected by apache2_module/Hooks.cpp: passenger_register_hooks(), which blocks mod_dir (Hooks.cpp: startBlockingModDir()) that would be responsible for index negotiation, and therefore fulfillment of the request and .htaccess inheritance.
Solution
.htaccess directives must be located immediately in the document root of the Passenger application. No known workarounds exist to recursively inherit rules.