From 4079f266c27c7e9941f2c80b1dfed451a696975d Mon Sep 17 00:00:00 2001
From: Andre Malo
Note: If you want to call your .htaccess
file something
- else, you can change the name of the file using the AccessFileName
- directive. For example, if you would rather call the file
- .config
then you can put the following in your server
- configuration file:
If you want to call your .htaccess
file something
+ else, you can change the name of the file using the AccessFileName
directive. For example,
+ if you would rather call the file .config
then you
+ can put the following in your server configuration file:
- AccessFileName .config
-
+ AccessFileName .config
+
What you can put in these files is determined by the AllowOverride
directive. This directive specifies, in categories, what directives
@@ -67,32 +66,28 @@ changes on a per-directory basis.
For example, if you look at the documentation for the AddDefaultCharset
directive, you will find that it is permitted in .htaccess
files. (See the Context line in the directive summary.) The Override line reads
- "FileInfo
". Thus, you must have at least
- "AllowOverride FileInfo
" in order for this directive to be
+ FileInfo
. Thus, you must have at least
+ AllowOverride FileInfo
in order for this directive to be
honored in .htaccess
files.
Context: | -server config, virtual host, directory, .htaccess |
Override: | -FileInfo |
If you are unsure whether a particular directive is permitted in a
.htaccess
file, look at the documentation for that
- directive, and check the Context line for ".htaccess."
In general, you should never use .htaccess
files unless
you don't have access to the main server configuration file. There is,
@@ -151,17 +146,18 @@ changes on a per-directory basis.
/www/htdocs/example
, Apache must look for the
following files:
- And so, for each file access out of that directory, there are 4 additional file-system accesses, even if none of those files are - present. (Note that this would only be the case if .htaccess files were - enabled for /, which is not usually the case.)
+ present. (Note that this would only be the case if +.htaccess
files were enabled for /
, which
+ is not usually the case.)
The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over @@ -170,13 +166,15 @@ changes on a per-directory basis.
privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set -AllowOverride
to, and pointing them to the relevant
- documentation, will save yourself a lot of confusion later.
-
- Note that it is completely equivalent to put a .htaccess file in a
- directory /www/htdocs/example
containing a directive, and
- to put that same directive in a Directory section <Directory
- /www/htdocs/example>
in your main server configuration:
Note that it is completely equivalent to put a .htaccess
+ file in a directory /www/htdocs/example
containing a
+ directive, and to put that same directive in a Directory section
+ <Directory /www/htdocs/example>
in your main server
+ configuration:
.htaccess
file in /www/htdocs/example
:
httpd.conf
fileHowever, putting this configuration in your server configuration @@ -198,7 +198,8 @@ changes on a per-directory basis.
requested.The use of .htaccess
files can be disabled completely
- by setting the AllowOverride
directive to "none"
none
:
.htaccess
files in order to implement password
authentication. This is not the case. Putting authentication directives
- in a <Directory>
section, in your main server
- configuration file, is the preferred way to implement this, and
- .htaccess
files should be used only if you don't have
- access to the main server configuration file. See Directory
+ section, in your main server configuration file, is the preferred way
+ to implement this, and .htaccess
files should be used only
+ if you don't have access to the main server configuration file. See above for a discussion of when you should and should
not use .htaccess
files.
@@ -270,11 +271,11 @@ changes on a per-directory basis.
.htaccess
file contents:
Note that AllowOverride AuthConfig
must be in effect
@@ -284,7 +285,7 @@ changes on a per-directory basis.
Another common use of .htaccess
files is to enable
Server Side Includes for a particular directory. This may be done with
@@ -325,8 +326,9 @@ changes on a per-directory basis.
Note that AllowOverride Options
must be in effect for
- these directives to have any effect.
Note that AllowOverride Options
and AllowOverride
+ FileInfo
must both be in effect for these directives to have any
+ effect.
Please see the CGI tutorial for a more complete discussion of CGI programming and configuration.
@@ -350,10 +352,10 @@ changes on a per-directory basis.If, on the other hand, you are getting server errors when trying to access documents, check your Apache error log. It will likely tell you - that the directive used in your .htaccess file is not permitted. - Alternately, it may tell you that you had a syntax error, which you - will then need to fix.
+ that the directive used in your.htaccess
file is not
+ permitted. Alternately, it may tell you that you had a syntax error,
+ which you will then need to fix.
-