From: Takashi Sato <takashi@apache.org>
Date: Tue, 2 Dec 2008 17:27:40 +0000 (+0000)
Subject: Merge r684326 from trunk:
X-Git-Tag: 2.2.11~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ab04d9322861653c25a4565b54bd87a79398374;p=thirdparty%2Fapache%2Fhttpd.git

Merge r684326 from trunk:

Admonish people not to put "AllowOverride All" in <Directory /> and
expect it to do anything useful.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@722534 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 2366b48ff80..494e392f281 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -502,6 +502,14 @@ be passed through</td></tr>
     <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
     server error.</p>
 
+    <div class="note"><p>For security and performance reasons, do not set
+    <code>AllowOverride</code> to anything other than <code>None</code> 
+    in your <code>&lt;Directory /&gt;</code> block. Instead, find (or
+    create) the <code>&lt;Directory&gt;</code> block that refers to the
+    directory where you're actually planning to place a
+    <code>.htaccess</code> file.</p>
+    </div>
+
 <h3>See also</h3>
 <ul>
 <li><code class="directive"><a href="#accessfilename">AccessFileName</a></code></li>
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 8e2dc1c8d93..5e774bfbde9 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -461,6 +461,14 @@ be passed through</description>
     <p>In the example above all directives that are neither in the group
     <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
     server error.</p>
+
+    <note><p>For security and performance reasons, do not set
+    <code>AllowOverride</code> to anything other than <code>None</code> 
+    in your <code>&lt;Directory /&gt;</code> block. Instead, find (or
+    create) the <code>&lt;Directory&gt;</code> block that refers to the
+    directory where you're actually planning to place a
+    <code>.htaccess</code> file.</p>
+    </note>
 </usage>
 
 <seealso><directive module="core">AccessFileName</directive></seealso>