Backport:

Add a little detail about merging of .htaccess with httpd.conf,
and provide an example to enforce certain settings.

PR: 31782
Submitted by: Ray Ferguson <ferguson berbee.com>, Joshua Slive

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@167971 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/howto/htaccess.html.en b/docs/manual/howto/htaccess.html.en
index 16aba134a48f3de0fa75e9bf5e2ab7a8692fae90..fc0b8dc4850a9131527f9c80be517b935eab349f 100644 (file)
--- a/docs/manual/howto/htaccess.html.en
+++ b/docs/manual/howto/htaccess.html.en
@@ -238,6 +238,34 @@ changes on a per-directory basis.</p>
     permitted, as only <code>Options Includes</code> is in effect, which
     completely overrides any earlier setting that may have been in
     place.</p>
+
+    <h3><a name="merge" id="merge">Merging of .htaccess with the main
+    configuration files</a></h3>
+
+    <p>As discussed in the documentation on <a href="../sections.html">Configuration Sections</a>,
+    <code>.htaccess</code> files can override the <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code> sections for
+    the corresponding directory, but will be overriden by other types
+    of configuration sections from the main configuration files.  This
+    fact can be used to enforce certain configurations, even in the
+    presence of a liberal <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> setting.  For example, to
+    prevent script execution while allowing anything else to be set in
+    <code>.htaccess</code> you can use:</p>
+
+    <div class="example"><p><code>
+&lt;Directory /&gt;<br />
+<span class="indent">
+Allowoverride All<br />
+</span>
+&lt;/Directory&gt;<br />
+<br />
+&lt;Location /&gt;<br />
+<span class="indent">
+Options +IncludesNoExec -ExecCGI<br />
+</span>
+&lt;/Location&gt;
+    </code></p></div>
+
+
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="auth" id="auth">Authentication example</a></h2>

diff --git a/docs/manual/howto/htaccess.xml b/docs/manual/howto/htaccess.xml
index ca2ba11eaab5a77e8f5bc55ba38c47c2ab68b191..d0a508b97063627720831b943198dc164ea9bda4 100644 (file)
--- a/docs/manual/howto/htaccess.xml
+++ b/docs/manual/howto/htaccess.xml
@@ -264,6 +264,37 @@ changes on a per-directory basis.</p>
     permitted, as only <code>Options Includes</code> is in effect, which
     completely overrides any earlier setting that may have been in
     place.</p>
+
+    <section id="merge"><title>Merging of .htaccess with the main
+    configuration files</title>
+
+    <p>As discussed in the documentation on <a
+    href="../sections.html">Configuration Sections</a>,
+    <code>.htaccess</code> files can override the <directive
+    type="section" module="core">Directory</directive> sections for
+    the corresponding directory, but will be overriden by other types
+    of configuration sections from the main configuration files.  This
+    fact can be used to enforce certain configurations, even in the
+    presence of a liberal <directive
+    module="core">AllowOverride</directive> setting.  For example, to
+    prevent script execution while allowing anything else to be set in
+    <code>.htaccess</code> you can use:</p>
+
+    <example>
+&lt;Directory /&gt;<br />
+<indent>
+Allowoverride All<br />
+</indent>
+&lt;/Directory&gt;<br />
+<br />
+&lt;Location /&gt;<br />
+<indent>
+Options +IncludesNoExec -ExecCGI<br />
+</indent>
+&lt;/Location&gt;
+    </example>
+</section>
+
 </section>
 
 <section id="auth"><title>Authentication example</title>