<li><img alt="" src="../images/down.gif" /> <a href="#when">When (not) to use .htaccess files</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#how">How directives are applied</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#auth">Authentication example</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server side includes example</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes example</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI example</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#troubleshoot">Troubleshooting</a></li>
</ul></div>
particular document directory, and the directives apply to that
directory, and all subdirectories thereof.</p>
-<div class="note">
- <p>Note: If you want to call your <code>.htaccess</code> file something
- else, you can change the name of the file using the <code><a href="../mod/core.html#accessfilename">AccessFileName</a></code>
- directive. For example, if you would rather call the file
- <code>.config</code> then you can put the following in your server
- configuration file:</p>
+ <div class="note"><h3>Note:</h3>
+ <p>If you want to call your <code>.htaccess</code> file something
+ else, you can change the name of the file using the <code class="directive"><a href="../mod/core.html#accessfilename">AccessFileName</a></code> directive. For example,
+ if you would rather call the file <code>.config</code> then you
+ can put the following in your server configuration file:</p>
- <div class="example"><p><code>
- AccessFileName .config
- </code></p></div>
-</div>
+
<div class="example"><p><code>
+ AccessFileName .config
+ </code></p></div>
+ </div>
<p>What you can put in these files is determined by the <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code>
directive. This directive specifies, in categories, what directives
<p>For example, if you look at the documentation for the <code class="directive"><a href="../mod/core.html#adddefaultcharset">AddDefaultCharset</a></code>
directive, you will find that it is permitted in <code>.htaccess</code>
files. (See the Context line in the directive summary.) The <a href="../mod/directive-dict.html#Context">Override</a> line reads
- "<code>FileInfo</code>". Thus, you must have at least
- "<code>AllowOverride FileInfo</code>" in order for this directive to be
+ <code>FileInfo</code>. Thus, you must have at least
+ <code>AllowOverride FileInfo</code> in order for this directive to be
honored in <code>.htaccess</code> files.</p>
-<div class="example"><h3>Example:</h3><table>
+
<div class="example"><h3>Example:</h3><table>
<tr>
<td><a href="../mod/directive-dict.html#Context">Context:</a></td>
-
<td>server config, virtual host, directory, .htaccess</td>
</tr>
<tr>
<td><a href="../mod/directive-dict.html#Override">Override:</a></td>
-
<td>FileInfo</td>
</tr>
</table></div>
-
<p>If you are unsure whether a particular directive is permitted in a
<code>.htaccess</code> file, look at the documentation for that
- directive, and check the Context line for ".htaccess."</p>
+ directive, and check the Context line for ".htaccess".</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="when" id="when">When (not) to use .htaccess files</a></h2>
-
<p>In general, you should never use <code>.htaccess</code> files unless
you don't have access to the main server configuration file. There is,
directory <code>/www/htdocs/example</code>, Apache must look for the
following files:</p>
- <div class="example"><p><code>
+
<div class="example"><p><code>
/.htaccess<br />
/www/.htaccess<br />
/www/htdocs/.htaccess<br />
/www/htdocs/example/.htaccess
- </code></p></div>
+ </code></p></div>
<p>And so, for each file access out of that directory, there are 4
additional file-system accesses, even if none of those files are
- present. (Note that this would only be the case if .htaccess files were
- enabled for /, which is not usually the case.)</p>
+ present. (Note that this would only be the case if
+ <code>.htaccess</code> files were enabled for <code>/</code>, which
+ is not usually the case.)</p>
<p>The second consideration is one of security. You are permitting
users to modify server configuration, which may result in changes over
privileges than they need will lead to additional technical support
requests. Make sure you clearly tell your users what level of
privileges you have given them. Specifying exactly what you have set
- <code>AllowOverride</code> to, and pointing them to the relevant
- documentation, will save yourself a lot of confusion later.</p>
-
- <p>Note that it is completely equivalent to put a .htaccess file in a
- directory <code>/www/htdocs/example</code> containing a directive, and
- to put that same directive in a Directory section <code><Directory
- /www/htdocs/example></code> in your main server configuration:</p>
+ <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> to, and pointing them
+ to the relevant documentation, will save yourself a lot of confusion
+ later.</p>
+
+ <p>Note that it is completely equivalent to put a <code>.htaccess</code>
+ file in a directory <code>/www/htdocs/example</code> containing a
+ directive, and to put that same directive in a Directory section
+ <code><Directory /www/htdocs/example></code> in your main server
+ configuration:</p>
<p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
<div class="example"><h3>Section from your <code>httpd.conf</code>
file</h3><p><code>
- <Directory /www/htdocs/example><br />
- AddType text/example .exm<br />
- </Directory>
+ <Directory /www/htdocs/example><br />
+ <span class="indent">
+ AddType text/example .exm<br />
+ </span>
+ </Directory>
</code></p></div>
<p>However, putting this configuration in your server configuration
requested.</p>
<p>The use of <code>.htaccess</code> files can be disabled completely
- by setting the <code>AllowOverride</code> directive to "none"</p>
+ by setting the <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code>
+ directive to <code>none</code>:</p>
<div class="example"><p><code>
AllowOverride None
common misconception that you are required to use
<code>.htaccess</code> files in order to implement password
authentication. This is not the case. Putting authentication directives
- in a <code><Directory></code> section, in your main server
- configuration file, is the preferred way to implement this, and
- <code>.htaccess</code> files should be used only if you don't have
- access to the main server configuration file. See <a href="#when">above</a> for a discussion of when you should and should
+ in a <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>
+ section, in your main server configuration file, is the preferred way
+ to implement this, and <code>.htaccess</code> files should be used only
+
if you don't have access to the main server configuration file. See <a href="#when">above</a> for a discussion of when you should and should
not use <code>.htaccess</code> files.</p>
<p>Having said that, if you still think you need to use a
<p><code>.htaccess</code> file contents:</p>
<div class="example"><p><code>
- AuthType Basic<br />
- AuthName "Password Required"<br />
- AuthUserFile /www/passwords/password.file<br />
- AuthGroupFile /www/passwords/group.file<br />
- Require Group admins
+ AuthType Basic<br />
+ AuthName "Password Required"<br />
+ AuthUserFile /www/passwords/password.file<br />
+ AuthGroupFile /www/passwords/group.file<br />
+ Require Group admins
</code></p></div>
<p>Note that <code>AllowOverride AuthConfig</code> must be in effect
more complete discussion of authentication and authorization.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="ssi" id="ssi">Server side includes example</a></h2>
+<h2><a name="ssi" id="ssi">Server Side Includes example</a></h2>
<p>Another common use of <code>.htaccess</code> files is to enable
Server Side Includes for a particular directory. This may be done with
SetHandler cgi-script
</code></p></div>
- <p>Note that <code>AllowOverride Options</code> must be in effect for
- these directives to have any effect.</p>
+ <p>Note that <code>AllowOverride Options</code> and <code>AllowOverride
+ FileInfo</code> must both be in effect for these directives to have any
+ effect.</p>
<p>Please see the <a href="cgi.html">CGI tutorial</a> for a more
complete discussion of CGI programming and configuration.</p>
<p>If, on the other hand, you are getting server errors when trying to
access documents, check your Apache error log. It will likely tell you
- that the directive used in your .htaccess file is not permitted.
- Alternately, it may tell you that you had a syntax error, which you
- will then need to fix.</p>
+ that the directive used in your <code>.htaccess</code> file is not
+ permitted. Alternately, it may tell you that you had a syntax error,
+ which you will then need to fix.</p>
- </div></div>
+</div></div>
<div id="footer">
<p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
particular document directory, and the directives apply to that
directory, and all subdirectories thereof.</p>
-<note>
- <p>Note: If you want to call your <code>.htaccess</code> file something
- else, you can change the name of the file using the <code><a
- href="../mod/core.html#accessfilename">AccessFileName</a></code>
- directive. For example, if you would rather call the file
- <code>.config</code> then you can put the following in your server
- configuration file:</p>
-
- <example>
- AccessFileName .config
- </example>
-</note>
+ <note><title>Note:</title>
+ <p>If you want to call your <code>.htaccess</code> file something
+ else, you can change the name of the file using the <directive
+ module="core">AccessFileName</directive> directive. For example,
+ if you would rather call the file <code>.config</code> then you
+ can put the following in your server configuration file:</p>
+
+ <example>
+ AccessFileName .config
+ </example>
+ </note>
<p>What you can put in these files is determined by the <directive
module="core">AllowOverride</directive>
directive, you will find that it is permitted in <code>.htaccess</code>
files. (See the Context line in the directive summary.) The <a
href="../mod/directive-dict.html#Context">Override</a> line reads
- "<code>FileInfo</code>". Thus, you must have at least
- "<code>AllowOverride FileInfo</code>" in order for this directive to be
+ <code>FileInfo</code>. Thus, you must have at least
+ <code>AllowOverride FileInfo</code> in order for this directive to be
honored in <code>.htaccess</code> files.</p>
-<example><title>Example:</title>
+ <example><title>Example:</title>
<table>
<tr>
<td><a
href="../mod/directive-dict.html#Context">Context:</a></td>
-
<td>server config, virtual host, directory, .htaccess</td>
</tr>
<tr>
<td><a
href="../mod/directive-dict.html#Override">Override:</a></td>
-
<td>FileInfo</td>
</tr>
</table>
-</example>
-
+ </example>
<p>If you are unsure whether a particular directive is permitted in a
<code>.htaccess</code> file, look at the documentation for that
- directive, and check the Context line for ".htaccess."</p>
+ directive, and check the Context line for ".htaccess".</p>
</section>
- <section id="when">
- <title>When (not) to use .htaccess files</title>
+ <section id="when"><title>When (not) to use .htaccess files</title>
<p>In general, you should never use <code>.htaccess</code> files unless
you don't have access to the main server configuration file. There is,
directory <code>/www/htdocs/example</code>, Apache must look for the
following files:</p>
- <example>
+ <example>
/.htaccess<br />
/www/.htaccess<br />
/www/htdocs/.htaccess<br />
/www/htdocs/example/.htaccess
- </example>
+ </example>
<p>And so, for each file access out of that directory, there are 4
additional file-system accesses, even if none of those files are
- present. (Note that this would only be the case if .htaccess files were
- enabled for /, which is not usually the case.)</p>
+ present. (Note that this would only be the case if
+ <code>.htaccess</code> files were enabled for <code>/</code>, which
+ is not usually the case.)</p>
<p>The second consideration is one of security. You are permitting
users to modify server configuration, which may result in changes over
privileges than they need will lead to additional technical support
requests. Make sure you clearly tell your users what level of
privileges you have given them. Specifying exactly what you have set
- <code>AllowOverride</code> to, and pointing them to the relevant
- documentation, will save yourself a lot of confusion later.</p>
-
- <p>Note that it is completely equivalent to put a .htaccess file in a
- directory <code>/www/htdocs/example</code> containing a directive, and
- to put that same directive in a Directory section <code><Directory
- /www/htdocs/example></code> in your main server configuration:</p>
+ <directive module="core">AllowOverride</directive> to, and pointing them
+ to the relevant documentation, will save yourself a lot of confusion
+ later.</p>
+
+ <p>Note that it is completely equivalent to put a <code>.htaccess</code>
+ file in a directory <code>/www/htdocs/example</code> containing a
+ directive, and to put that same directive in a Directory section
+ <code><Directory /www/htdocs/example></code> in your main server
+ configuration:</p>
<p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
<example><title>Section from your <code>httpd.conf</code>
file</title>
- <Directory /www/htdocs/example><br />
- AddType text/example .exm<br />
- </Directory>
+ <Directory /www/htdocs/example><br />
+ <indent>
+ AddType text/example .exm<br />
+ </indent>
+ </Directory>
</example>
<p>However, putting this configuration in your server configuration
requested.</p>
<p>The use of <code>.htaccess</code> files can be disabled completely
- by setting the <code>AllowOverride</code> directive to "none"</p>
+ by setting the <directive module="core">AllowOverride</directive>
+ directive to <code>none</code>:</p>
<example>
AllowOverride None
common misconception that you are required to use
<code>.htaccess</code> files in order to implement password
authentication. This is not the case. Putting authentication directives
- in a <code><Directory></code> section, in your main server
- configuration file, is the preferred way to implement this, and
- <code>.htaccess</code> files should be used only if you don't have
- access to the main server configuration file. See <a
+ in a <directive module="core" type="section">Directory</directive>
+ section, in your main server configuration file, is the preferred way
+ to implement this, and <code>.htaccess</code> files should be used only
+
if you don't have access to the main server configuration file. See <a
href="#when">above</a> for a discussion of when you should and should
not use <code>.htaccess</code> files.</p>
<p><code>.htaccess</code> file contents:</p>
<example>
- AuthType Basic<br />
- AuthName "Password Required"<br />
- AuthUserFile /www/passwords/password.file<br />
- AuthGroupFile /www/passwords/group.file<br />
- Require Group admins
+ AuthType Basic<br />
+ AuthName "Password Required"<br />
+ AuthUserFile /www/passwords/password.file<br />
+ AuthGroupFile /www/passwords/group.file<br />
+ Require Group admins
</example>
<p>Note that <code>AllowOverride AuthConfig</code> must be in effect
more complete discussion of authentication and authorization.</p>
</section>
-<section id="ssi"><title>Server side includes example</title>
+<section id="ssi"><title>Server Side Includes example</title>
<p>Another common use of <code>.htaccess</code> files is to enable
Server Side Includes for a particular directory. This may be done with
SetHandler cgi-script
</example>
- <p>Note that <code>AllowOverride Options</code> must be in effect for
- these directives to have any effect.</p>
+ <p>Note that <code>AllowOverride Options</code> and <code>AllowOverride
+ FileInfo</code> must both be in effect for these directives to have any
+ effect.</p>
<p>Please see the <a href="cgi.html">CGI tutorial</a> for a more
complete discussion of CGI programming and configuration.</p>
<p>If, on the other hand, you are getting server errors when trying to
access documents, check your Apache error log. It will likely tell you
- that the directive used in your .htaccess file is not permitted.
- Alternately, it may tell you that you had a syntax error, which you
- will then need to fix.</p>
+ that the directive used in your <code>.htaccess</code> file is not
+ permitted. Alternately, it may tell you that you had a syntax error,
+ which you will then need to fix.</p>
- </section>
+</section>
</manualpage>
projects / apache / commitdiff