
AllowOverride directive - Apache

In this third part of a six-part series on Apache installation and configuration, you will learn how to set security-related permissions. This article is excerpted from chapter two of Apache Security, written by Ivan Ristic (O'Reilly; ISBN: 0596007248). Copyright 2006 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

By: O'Reilly Media
January 10, 2008


In addition to serving any file it can access by default, Apache also by default allows parts of configuration data to be placed under the web server tree, in files normally named .htaccess. Configuration information in such files can override the information in the httpd.conf configuration file. Though this can be useful, it slows down the server (because Apache is forced to check whether the file exists in any of the sub-folders it serves) and allows anyone who controls the web server tree to have limited control of the web server. This feature is controlled with the AllowOverride directive, which, like Options, appears within the <Directory> directive specifying the directory to which the options apply. The AllowOverride directive supports the following options:

AuthConfig
    Allows use (in .htaccess files) of the authorization directives (explained in Chapter 7)

FileInfo
    Allows use of the directives controlling document types

Indexes
    Allows use of the directives controlling directory indexing

Limit
    Allows use of the directives controlling host access

Options
    Allows use of the directives controlling specific directory functions (the Options and XBitHack directives)

All
    Allows all options listed

None
    Ignores .htaccess configuration files

For our default configuration, we choose the None option. So, our <Directory> directives are now:

  <Directory />
      Order Deny,Allow
      Deny from all
      Options None
      AllowOverride None
  </Directory>

  <Directory /var/www/htdocs>
      Order Allow,Deny
      Allow from all
  </Directory>

Modules sometimes use AllowOverride settings to make other decisions as to whether something should be allowed. Therefore, a change to a setting can have unexpected consequences. As an example, including Options as one of the AllowOverride options will allow PHP configuration directives to be used in .htaccess files. In theory, every directive of every module should fit into one of the AllowOverride settings, but in practice it depends on whether their respective developers have considered it.
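The following check is an added example, not code from the book or from Apache: it reads a configuration like the one above and reports, for each <Directory> block, which AllowOverride setting actually applies, taking the nearest enclosing block that sets the directive. It assumes plain absolute paths in a single file (no Include, DirectoryMatch or wildcards); the /var/www/htdocs/app block in the sample is constructed for illustration.

```python
import posixpath
import re

OPEN = re.compile(r'^<Directory\s+"?([^">]+)"?\s*>$', re.I)
OVERRIDE = re.compile(r'^AllowOverride\s+(.+)$', re.I)
# Constructed sample: the page's two blocks (trimmed) plus a hypothetical app directory.
SAMPLE = """<Directory />
    AllowOverride None
</Directory>
<Directory /var/www/htdocs>
    Order Allow,Deny
</Directory>
<Directory /var/www/htdocs/app>
    AllowOverride AuthConfig Options
</Directory>"""

def explicit_overrides(conf_text):
    """Map each <Directory> path to its own AllowOverride list (None if absent)."""
    blocks, current = {}, None
    for line in map(str.strip, conf_text.splitlines()):
        if m := OPEN.match(line):
            current = m.group(1).strip().rstrip('/') or '/'
            blocks.setdefault(current, None)
        elif line.lower() == '</directory>':
            current = None
        elif current and (m := OVERRIDE.match(line)):
            blocks[current] = m.group(1).split()
    return blocks

def audit(conf_text):
    """Return {path: verdict}; the nearest enclosing explicit setting applies."""
    blocks, report = explicit_overrides(conf_text), {}
    for path in blocks:
        probe = path
        while blocks.get(probe) is None and probe != '/':
            probe = posixpath.dirname(probe) or '/'  # step up one directory
        opts = blocks.get(probe)
        if opts is None:
            report[path] = 'UNSET: server default applies'
        elif [o.lower() for o in opts] == ['none']:
            report[path] = f'OK: .htaccess ignored (set at {probe})'
        else:
            report[path] = f'REVIEW: .htaccess may use {" ".join(opts)} (set at {probe})'
    return report

if __name__ == '__main__':
    for path, verdict in audit(SAMPLE).items():
        print(f'{path:24} {verdict}')
```

A REVIEW line that lists Options deserves a second look for the reason given above: it also admits PHP configuration directives in .htaccess files.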



 
 