permitted, as only <code>Options Includes</code> is in effect, which
completely overrides any earlier setting that may have been in
place.</p>
+
+ <h3><a name="merge" id="merge">Merging of .htaccess with the main
+ configuration files</a></h3>
+
+ <p>As discussed in the documentation on <a href="../sections.html">Configuration Sections</a>,
+ <code>.htaccess</code> files can override the <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> sections for
+ the corresponding directory, but will be overriden by other types
+ of configuration sections from the main configuration files. This
+ fact can be used to enforce certain configurations, even in the
+ presence of a liberal <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> setting. For example, to
+ prevent script execution while allowing anything else to be set in
+ <code>.htaccess</code> you can use:</p>
+
+ <div class="example"><p><code>
+<Directory /><br />
+<span class="indent">
+Allowoverride All<br />
+</span>
+</Directory><br />
+<br />
+<Location /><br />
+<span class="indent">
+Options +IncludesNoExec -ExecCGI<br />
+</span>
+</Location>
+ </code></p></div>
+
+
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="auth" id="auth">Authentication example</a></h2>
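Review bot: "overriden" in the new paragraph ("but will be overriden by other types of configuration sections") is misspelled and should read "overridden". In the example, "Allowoverride All" should use the same capitalisation as the directive name linked in the paragraph, "AllowOverride", so readers can match the example to the directive reference.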
permitted, as only <code>Options Includes</code> is in effect, which
completely overrides any earlier setting that may have been in
place.</p>
+
+ <section id="merge"><title>Merging of .htaccess with the main
+ configuration files</title>
+
+ <p>As discussed in the documentation on <a
+ href="../sections.html">Configuration Sections</a>,
+ <code>.htaccess</code> files can override the <directive
+ type="section" module="core">Directory</directive> sections for
+ the corresponding directory, but will be overriden by other types
+ of configuration sections from the main configuration files. This
+ fact can be used to enforce certain configurations, even in the
+ presence of a liberal <directive
+ module="core">AllowOverride</directive> setting. For example, to
+ prevent script execution while allowing anything else to be set in
+ <code>.htaccess</code> you can use:</p>
+
+ <example>
+<Directory /><br />
+<indent>
+Allowoverride All<br />
+</indent>
+</Directory><br />
+<br />
+<Location /><br />
+<indent>
+Options +IncludesNoExec -ExecCGI<br />
+</indent>
+</Location>
+ </example>
+</section>
+
</section>
<section id="auth"><title>Authentication example</title>
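Review bot: "prevent script execution" in the paragraph promises more than the example's "Options +IncludesNoExec -ExecCGI" enforces. Those two options turn off CGI execution and the SSI exec element; scripts run by a module's own handler are not controlled by Options, so an administrator relying on this text could believe more is locked down than actually is. Suggest wording it as "prevent CGI execution and SSI exec while allowing anything else to be set in .htaccess", and adding one sentence that the Location section wins because it is merged after the .htaccess file. The "overriden" spelling and the "Allowoverride" casing also appear in this hunk and should be corrected here.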