<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
</table>
- <p>While processing a request, the server looks for
- the first existing configuration file from this list of names in
- every directory of the path to the document, if distributed
+ <p>The AccessFileName directive allows you to change the name of the file
+ that will be considered for per-directory configuration overrides, in the
+ event that <code class="directive"><a href="#allowoverride">AllowOverride</a></code> is enabled
+ for that directory.</p>
+
+ <div class="warning">We do not recommend that you change this value, and
+ especially that you do not list multiple possible file names, as it makes
+ troubleshooting more difficult for anyone not familiar with your local
+ settings.</div>
+
+ <p>While processing a request, the server looks for files with the name
+ (or names) defined in <code>AccessFileName</code>
+ in every directory of the path to the document, if distributed
configuration files are <a href="#allowoverride">enabled for that
- directory</a>. For example:</p>
-
- <pre class="prettyprint lang-config">AccessFileName .acl</pre>
-
-
- <p>Before returning the document
+ directory</a>. For example Before returning the document
<code>/usr/local/web/index.html</code>, the server will read
- <code>/.acl</code>, <code>/usr/.acl</code>,
- <code>/usr/local/.acl</code> and <code>/usr/local/web/.acl</code>
- for directives unless they have been disabled with:</p>
+ <code>/.htaccess</code>, <code>/usr/.htaccess</code>,
+ <code>/usr/local/.htaccess</code> and <code>/usr/local/web/.htaccess</code>
+ for directives.</p>
+
+ <p>For this reason, the default configuration file contains the following stanza:</p>
<pre class="prettyprint lang-config"><Directory "/">
AllowOverride None
</Directory></pre>
+ <p>This configuration block helps prevent unnecessary file accesses in directories
+ outside of your <code class="directive"><a href="#documentroot">DocumentRoot</a></code>. See also the note
+ about this in the <code>AllowOverride</code> directive documentation.</p>
+
+
<h3>See also</h3>
<ul>
<li><code class="directive"><a href="#allowoverride">AllowOverride</a></code></li>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
</table>
- <p>When the server finds an <code>.htaccess</code> file (as
- specified by <code class="directive"><a href="#accessfilename">AccessFileName</a></code>),
- it needs to know which directives declared in that file can override
- earlier configuration directives.</p>
+ <p>When the server finds a distributed configuration file (Usually called
+ <code>.htaccess</code> - configurable by the <code class="directive"><a href="#accessfilename">AccessFileName</a></code>), it needs to know which directives
+ declared in that file can override earlier configuration directives.</p>
<div class="note"><h3>Only available in <Directory> sections</h3>
<code class="directive">AllowOverride</code> is valid only in
<dt><a href="overrides.html#override-limit">Limit</a></dt>
<dd>
- Allow use of the directives controlling host access (<code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code>, <code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> and <code class="directive"><a href="../mod/mod_access_compat.html#order">Order</a></code>).</dd>
-
-
+ Allow use of the legacy host access control directives (<code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code>, <code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> and <code class="directive"><a href="../mod/mod_access_compat.html#order">Order</a></code>). For the modern
+ equivalent, see the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
+ directive, which is controlled by <code>AuthConfig</code>.
+ Also includes <code class="directive"><a href="../mod/mod_include.html#ssietag">SSIETag</a></code>,
+ <code class="directive"><a href="../mod/mod_include.html#ssilastmodified">SSILastModified</a></code>, and
+ <code class="directive"><a href="../mod/mod_include.html#ssilegacyexprparser">SSILegacyExprParser</a></code>.</dd>
<dt>Nonfatal=[Override|Unknown|All]</dt>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?>
-<!-- English Revision: 344972:1933866 (outdated) -->
+<!-- English Revision: 344972:1933921 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?>
-<!-- English Revision: 1741251:1933866 (outdated) -->
+<!-- English Revision: 1741251:1933921 (outdated) -->
<!-- Translated by Luis Gil de Bernabé Pfeiffer lgilbernabe[AT]apache.org -->
<!-- Reviewed by Sergio Ramos-->
<!--
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1932811:1933866 (outdated) -->
+<!-- English Revision: 1932811:1933921 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 669847:1933866 (outdated) -->
+<!-- English Revision: 669847:1933921 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 1302855:1933866 (outdated) -->
+<!-- English Revision: 1302855:1933921 (outdated) -->
<!-- =====================================================
Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by: Orhan Berent <berent belgeler.org>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_rewrite</td></tr>
</table>
<p>The <code class="directive">RewriteBase</code> directive specifies the
- URL prefix to be used for per-directory (htaccess)
+ URL prefix to be used for
+ <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a>
<code class="directive"><a href="#rewriterule">RewriteRule</a></code> directives that
substitute a relative path.</p>
<p> This directive is <em>required</em> when you use a relative path
- in a substitution in per-directory (htaccess) context unless any
+ in a substitution in <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context unless any
of the following conditions are true:</p>
<ul>
<li> The original request, and the substitution, are underneath the
<code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>
(as opposed to reachable by other means, such as
<code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>).</li>
- <li> The <em>filesystem</em> path to the directory containing the
- <code class="directive"><a href="#rewriterule">RewriteRule</a></code>,
- suffixed by the relative
- substitution is also valid as a URL path on the server
- (this is rare).</li>
+ <li> The directory-path for which the RewriteRule applies,
+ suffixed by the relative substitution, is also valid
+ as a URL-path on the server (this is rare).</li>
<li> In Apache HTTP Server 2.4.16 and later, this directive may be
omitted when the request is mapped via
<code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>
or <code class="module"><a href="../mod/mod_userdir.html">mod_userdir</a></code>.</li>
</ul>
-<p> In the example below, <code class="directive">RewriteBase</code> is necessary
- to avoid rewriting to http://example.com/opt/myapp-1.2.3/welcome.html
- since the resource was not relative to the document root. This
- misconfiguration would normally cause the server to look for an "opt"
- directory under the document root.</p>
-<pre class="prettyprint lang-config">DocumentRoot "/var/www/example.com"
-AliasMatch "^/myapp" "/opt/myapp-1.2.3"
-<Directory "/opt/myapp-1.2.3">
- RewriteEngine On
- RewriteBase "/myapp/"
- RewriteRule "^index\.html$" "welcome.html"
-</Directory></pre>
-
-
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<em>after</em> the URL translation phase (during which
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> operates).</p>
<p>On the other hand, because <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> implements
- its per-directory context (<code>.htaccess</code> file) via
+ its <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context via
the Fixup phase of the API and because the authorization
phases come <em>before</em> this phase, you just can use
<code>%{REMOTE_USER}</code> in that context.</p></li>
<p>The directory-path to which the rule applies is stripped from the currently mapped
filesystem path before comparison (up to and including a trailing slash).
- The net result of this per-directory prefix stripping is that rules in
+ The net result of this <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> prefix stripping is that rules in
this context only match against the portion of the currently mapped filesystem path
"below" the directory-path to which the rule applies.</p>
complexity.</li>
<li>To enable the rewrite engine in this context, you need to set
-"<code>RewriteEngine On</code>" <strong>and</strong>
-the <code>FollowSymLinks</code> or <code>SymLinksIfOwnerMatch</code>
-<code class="directive"><a href="../mod/core.html#options">Options</a></code> must be enabled. If your
-administrator has disabled override of these options for a user's
-directory via <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code>, the
-rewrite engine cannot be used in <code>.htaccess</code> files in that
-directory.</li>
+<code>RewriteEngine On</code> <strong>and</strong>
+at least one of the <code>FollowSymLinks</code> or
+<code>SymLinksIfOwnerMatch</code>
+<code class="directive"><a href="../mod/core.html#options">Options</a></code> must be enabled. Note
+that these options cannot be set in a distributed configuration file
+(<code>.htaccess</code>) unless
+<code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> permits it
+in the server configuration.</li>
<li>See the <code class="directive"><a href="#rewritebase">RewriteBase</a></code>
directive for more information regarding what prefix will be added back to
relative substitutions.</li>
-<li> If you wish to match against the full URL-path in a per-directory context
+<li> If you wish to match against the full URL-path in a
+<a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context
RewriteRule, use the <code>%{REQUEST_URI}</code> variable in
a <code class="directive"><a href="#rewritecond">RewriteCond</a></code>.</li>
<li>The removed prefix always ends with a slash, meaning the matching occurs against a string which
<em>never</em> has a leading slash. Therefore, a <em>Pattern</em> with <code>^/</code> never
-matches in per-directory context.</li>
+matches in <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context.</li>
<li>Although rewrite rules are syntactically permitted in <code class="directive"><a href="../mod/core.html#location"><Location></a></code> and <code class="directive"><a href="../mod/core.html#files"><Files></a></code> sections
(including their regular expression counterparts), this
<li><strong>Starts with <code>/</code>, server/vhost context:</strong>
Treated as a file-system path if the first path component exists
on disk; otherwise treated as a URL-path.</li>
- <li><strong>Starts with <code>/</code>, per-directory context:</strong>
+ <li><strong>Starts with <code>/</code>, <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context:</strong>
Always treated as a URL-path. No file-system guessing occurs.</li>
<li><strong>Does not start with <code>/</code> (relative),
server/vhost context:</strong> Treated as a URL-path relative
to the current request URI.</li>
<li><strong>Does not start with <code>/</code> (relative),
- per-directory context:</strong> Treated as a URL-path relative
+ <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context:</strong> Treated as a URL-path relative
to the directory-path for which the <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> or <code>.htaccess</code>
applies. See <code class="directive">RewriteBase</code> for controlling
the prefix added to relative substitutions.</li>
<td>END</td>
<td>Stop the rewriting process immediately and don't apply any
more rules. Also prevents further execution of rewrite rules
- in per-directory context. (Available in 2.3.9 and later)
+ in <a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context. (Available in 2.3.9 and later)
<em><a href="../rewrite/flags.html#flag_end">details ...</a></em></td>
</tr>
<tr>
<tr>
<td>last|L</td>
<td>Stop the rewriting process immediately and don't apply any
- more rules. Especially note caveats for
per-directory context (see also the END flag). <em><a href="../rewrite/flags.html#flag_l">details ...</a></em></td>
+ more rules. Especially note caveats for
<a class="glossarylink" href="../glossary.html#perdirectory" title="see glossary">per-directory</a> context (see also the END flag). <em><a href="../rewrite/flags.html#flag_l">details ...</a></em></td>
</tr>
<tr class="odd">
<td>next|N</td>
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1932387:1933815 (outdated) -->
+<!-- English Revision: 1932387:1933937 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
Finally the end-entity certificate's private key can also be
added to the certificate file instead of using a separate
<code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code>
-directive. This practice is highly discouraged. If it is used,
-the certificate files using such an embedded key must be configured
-after the certificates using a separate key file. If the private
-key is encrypted, the pass phrase dialog is forced at startup time.
-</p>
+directive.</p>
+
+<div class="warning"><h3>Do not combine key and certificate in one file</h3>
+<p>This practice is highly discouraged for the following reasons:</p>
+<ul>
+<li><strong>Security</strong>: Keeping the private key in a separate file
+allows stricter file permissions. The certificate file can be
+world-readable (it is public data), while the key file should be
+readable only by root. Combining them in one file means any
+misconfiguration or vulnerability that exposes the certificate file
+also exposes the private key.</li>
+<li><strong>Ordering constraint</strong>: If a combined file is used,
+all <code class="directive">SSLCertificateFile</code> directives referencing
+such combined files must appear <em>after</em> any
+<code class="directive">SSLCertificateFile</code> directives that use a
+separate key file. Violating this ordering will cause errors at
+startup.</li>
+<li><strong>Maintenance</strong>: Separate files make it immediately
+clear which file contains what, simplifying certificate rotation
+and audits.</li>
+</ul>
+<p>If the private key is encrypted, the pass phrase dialog is forced
+at startup time.</p>
+</div>
<p>As an alternative to storing certificates and private keys in
files, a certificate identifier can be used to identify a certificate
directive, there must be a matching <code class="directive">SSLCertificateFile</code>
directive.</p>
-<p>
-The private key may also be combined with the certificate in the file given by
-<code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>, but this practice
-is highly discouraged. If it is used, the certificate files using such
-an embedded key must be configured after the certificates using a separate
-key file.</p>
+<div class="warning"><h3>Do not combine key and certificate in one file</h3>
+<p>The private key may also be combined with the certificate in the
+file given by <code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>,
+but this practice is highly discouraged. See the warning in the
+<code class="directive">SSLCertificateFile</code> documentation for a full
+explanation of the risks and constraints.</p>
+</div>
<p>As an alternative to storing private keys in files, a key
identifier can be used to identify a private key stored in a
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?>
-<!-- English Revision: 1817381:1933788 (outdated) -->
+<!-- English Revision: 1817381:1933923 (outdated) -->
<!-- Spanish Translation: Daniel Ferradal <dferradal@apache.org> -->
<!-- Updated and reviewed: Luis Gil de bernabe <lgilbernabe@apache.org> -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1933097:1933788 (outdated) -->
+<!-- English Revision: 1933097:1933923 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
projects / thirdparty / apache / httpd.git / commitdiff
