From: Joshua Slive <slive@apache.org>
Date: Tue, 3 May 2005 19:53:21 +0000 (+0000)
Subject: Add a little detail about merging of .htaccess with httpd.conf,
X-Git-Tag: 2.1.5~140
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a84c5acdf0e679fab3573958bf272c3dd524bae;p=thirdparty%2Fapache%2Fhttpd.git

Add a little detail about merging of .htaccess with httpd.conf,
and provide an example to enforce certain settings.

PR: 31782
Submitted by: Ray Ferguson <ferguson berbee.com>, Joshua Slive


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@167970 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/howto/htaccess.html.en b/docs/manual/howto/htaccess.html.en
index e6b02f4f343..26333093219 100644
--- a/docs/manual/howto/htaccess.html.en
+++ b/docs/manual/howto/htaccess.html.en
@@ -239,6 +239,34 @@ changes on a per-directory basis.</p>
     permitted, as only <code>Options Includes</code> is in effect, which
     completely overrides any earlier setting that may have been in
     place.</p>
+
+    <h3><a name="merge" id="merge">Merging of .htaccess with the main
+    configuration files</a></h3>
+
+    <p>As discussed in the documentation on <a href="../sections.html">Configuration Sections</a>,
+    <code>.htaccess</code> files can override the <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code> sections for
+    the corresponding directory, but will be overriden by other types
+    of configuration sections from the main configuration files.  This
+    fact can be used to enforce certain configurations, even in the
+    presence of a liberal <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> setting.  For example, to
+    prevent script execution while allowing anything else to be set in
+    <code>.htaccess</code> you can use:</p>
+
+    <div class="example"><p><code>
+&lt;Directory /&gt;<br />
+<span class="indent">
+Allowoverride All<br />
+</span>
+&lt;/Directory&gt;<br />
+<br />
+&lt;Location /&gt;<br />
+<span class="indent">
+Options +IncludesNoExec -ExecCGI<br />
+</span>
+&lt;/Location&gt;
+    </code></p></div>
+
+
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="auth" id="auth">Authentication example</a></h2>
diff --git a/docs/manual/howto/htaccess.xml b/docs/manual/howto/htaccess.xml
index 374030cd2de..6978a65cfd7 100644
--- a/docs/manual/howto/htaccess.xml
+++ b/docs/manual/howto/htaccess.xml
@@ -265,6 +265,37 @@ changes on a per-directory basis.</p>
     permitted, as only <code>Options Includes</code> is in effect, which
     completely overrides any earlier setting that may have been in
     place.</p>
+
+    <section id="merge"><title>Merging of .htaccess with the main
+    configuration files</title>
+
+    <p>As discussed in the documentation on <a
+    href="../sections.html">Configuration Sections</a>,
+    <code>.htaccess</code> files can override the <directive
+    type="section" module="core">Directory</directive> sections for
+    the corresponding directory, but will be overriden by other types
+    of configuration sections from the main configuration files.  This
+    fact can be used to enforce certain configurations, even in the
+    presence of a liberal <directive
+    module="core">AllowOverride</directive> setting.  For example, to
+    prevent script execution while allowing anything else to be set in
+    <code>.htaccess</code> you can use:</p>
+
+    <example>
+&lt;Directory /&gt;<br />
+<indent>
+Allowoverride All<br />
+</indent>
+&lt;/Directory&gt;<br />
+<br />
+&lt;Location /&gt;<br />
+<indent>
+Options +IncludesNoExec -ExecCGI<br />
+</indent>
+&lt;/Location&gt;
+    </example>
+</section>
+
 </section>
 
 <section id="auth"><title>Authentication example</title>