Home arrow Apache arrow Page 3 - Setting Permissions in Apache

AllowOverride directive - Apache

In this third part of a six-part series on Apache installation and configuration, you will learn how to set security-related permissions. This article is excerpted from chapter two of Apache Security, written by Ivan Ristic (O'Reilly; ISBN: 0596007248). Copyright 2006 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

  1. Setting Permissions in Apache
  2. Options directive
  3. AllowOverride directive
  4. Enabling CGI Scripts
By: O'Reilly Media
Rating: starstarstarstarstar / 5
January 10, 2008

print this article



In addition to serving any file it can access by default, Apache also by default allows parts of configuration data to be placed under the web server tree, in files normally named .htaccess. Configuration information in such files can override the information in the httpd.conf configuration file. Though this can be useful, it slows down the server (because Apache is forced to check whether the file exists in any of the sub-folders it serves) and allows anyone who controls the web server tree to have limited control of the web server. This feature is controlled with the AllowOverride directive, which, like Options, appears within the <Directory> directive specifying the directory to which the options apply. TheAllowOverride directive supports the following options:

Allows use (in .htaccess files) of the authorization
      directives (explained in Chapter 7)

Allows use of the directives controlling document

Allows use of the directives controlling directory

Allows use of the directives controlling host access

Allows use of the directives controlling specific
      directory functions (theOptions andXbitHack

Allows all options listed

Ignores .htaccess configuration files

For our default configuration, we choose theNone option. So, our <Directory>directives are now:

  <Directory />
      Order Deny,Allow
      Deny from all
      Options None
      AllowOverride None

  <Directory /var/www/htdocs>
      Order Allow,Deny
      Allow from all

Modules sometimes useAllowOverridesettings to make other decisions as to whether something should be allowed. Therefore, a change to a setting can have unexpected consequences. As an example, includingOptionsas one of theAllowOverride options will allow PHP configuration directives to be used in .htaccess files. In theory, every directive of every module should fit into one of theAllowOverridesettings, but in practice it depends on whether their respective developers have considered it.

>>> More Apache Articles          >>> More By O'Reilly Media

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Apache Unveils Cassandra 1.2
- Apache on ARM Chips? Dell and Calxeda Help M...
- The Down Side of Open Source Software
- VMware Unveils Serengeti for Apache Hadoop
- SAP Takes Steps to Improve Hadoop Integration
- Looking to Hone Apache Hadoop Skills?
- How to Install Joomla on WAMPP
- Working with XAMPP and Wordpress
- GUI Available for Apache Camel
- Reduce Server Load for Apache and PHP Websit...
- Creating a VAMP (Vista, Apache, MySQL, PHP) ...
- Putting Apache in Jail
- Containing Intrusions in Apache
- Server Limits for Apache Security
- Setting Permissions in Apache

Developer Shed Affiliates


Dev Shed Tutorial Topics: