From: Rich Bowen
.config then you
can put the following in your server configuration file:
- Directives in .htaccess files use the same syntax as
@@ -93,7 +95,7 @@ AccessFileName ".config"
directives to permit (see below). If a directive
is permitted, the documentation for that directive will contain an Override section,
specifying what value must be in
FileInfo. Thus, you must have at least
- AllowOverride FileInfo in order for this directive to be
+ AllowOverride FileInfo for this directive to be
honored in .htaccess files.
@@ -145,35 +147,37 @@ AccessFileName ".config"
.htaccess file is loaded every time a document is
requested.
- Further note that httpd must look for Additionally, httpd must look for And so, for each file access out of that directory, there are 4
additional file-system accesses, even if none of those files are
- present. (Note that this would only be the case if
+ present. (This would only be the case if
Security: You are permitting
users to modify server configuration, which may result in changes over
which you have no control. Carefully consider whether you want to give
- your users this privilege. Note also that giving users less
+ your users this privilege. Giving users less
privileges than they need will lead to additional technical support
requests. Make sure you clearly tell your users what level of
privileges you have given them. Specifying exactly what you have set
If you need to grant With this configuration, any directive not explicitly listed will
cause a server error if encountered in a Note that it is completely equivalent to put a Placing a directive in a The use of The configuration directives found in a In the directory (Note: you must have ".htaccess files
- in all higher-level directories, in order to have a full complement of
- directives that it must apply. (See section on how
+ .htaccess files
+ in all higher-level directories to assemble the full set of applicable
+ directives. (See section on how
directives are applied.) Thus, if a file is requested out of a
directory /www/htdocs/example, httpd must look for the
following files:.htaccess files were enabled for /, which
is not usually the case.).htaccess access but want to
@@ -183,56 +187,62 @@ AccessFileName ".config"
finer-grained control than .htaccess file.
This is a useful middle ground between full override access and no
override access..htaccess
- file in a directory /www/htdocs/example containing a
- directive, and to put that same directive in a Directory section
- <Directory "/www/htdocs/example"> in your main server
+ .htaccess
+ file in a directory /www/htdocs/example is completely equivalent to placing that same directive in a
+ <Directory "/www/htdocs/example"> section in your main server
configuration:.htaccess file in /www/htdocs/example:/www/htdocs/examplehttpd.conf
file.htaccess files can be disabled completely
by setting the none:.htaccess file
are applied to the directory in which the .htaccess file
- is found, and to all subdirectories thereof. However, it is important
- to also remember that there may have been .htaccess files
+ is found, and to all subdirectories thereof. Remember that there may have been .htaccess files
in directories higher up. Directives are applied in the order that they
are found. Therefore, a .htaccess file in a particular
directory may override directives found in .htaccess files
@@ -245,21 +255,25 @@ AllowOverride None
/www/htdocs/example1 we have a
.htaccess file containing the following:AllowOverride Options" in effect
+ AllowOverride Options" in effect
to permit the use of the ".htaccess files.).htaccess files.
In the directory /www/htdocs/example1/example2 we have
a .htaccess file containing:
Because of this second .htaccess file, in the directory
/www/htdocs/example1/example2, CGI execution is not
@@ -282,15 +296,17 @@ Options Includes
prevent script execution while allowing anything else to be set in
.htaccess you can use:
/www/htdocs..htaccess file contents:
Note that AllowOverride AuthConfig must be in effect
- for these directives to have any effect.
AllowOverride AuthConfig must be in effect
+ for these directives to have any effect.Please see the authentication tutorial for a more complete discussion of authentication and authorization.
@@ -330,15 +348,17 @@ Require group admins configuration directives, placed in a.htaccess file in
the desired directory:
- Note that AllowOverride Options and AllowOverride
+ AllowOverride Options and AllowOverride
FileInfo must both be in effect for these directives to have any
- effect.
Please see the SSI tutorial for a more complete discussion of server-side includes.
@@ -351,6 +371,7 @@ changes things a bit. In particular, rules are taken to be relative to the current directory, rather than being the original requested URI. Consider the following examples: +In a .htaccess in your document directory, the leading
slash is removed from the value supplied to
Also note that in .htaccess context, regular expressions are
+
In .htaccess context, regular expressions are
recompiled on every request, whereas in the main server configuration they
are compiled once and cached.
Alternately, if you wish to have all files in the given directory be considered to be CGI programs, this may be done with the following configuration:
-Note that AllowOverride Options and AllowOverride
+ AllowOverride Options and AllowOverride
FileInfo must both be in effect for these directives to have any
- effect.
Please see the CGI tutorial for a more complete discussion of CGI programming and configuration.
@@ -427,9 +453,11 @@ SetHandler cgi-script nonsense word in your.htaccess file and reload the
page:
- If a server error (HTTP 500) is
not generated, then you almost certainly have AllowOverride
@@ -440,13 +468,14 @@ TestMe
that the directive used in your .htaccess file is not
permitted.
This will indicate either that you've used a directive that is
- never permitted in .htaccess files, or that you simply
- don't have .htaccess files, or that you don't have
Alternately, it may tell you that you had a syntax error in your usage of the directive itself.
-In this case, the error message should be specific to the particular syntax error that you have committed.