Apache
  Home arrow Apache arrow Page 3 - Setting Permissions in Apache
Dev Shed Forums 
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Actuate Whitepapers 
VeriSign Whitepapers 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
APACHE

Setting Permissions in Apache
By: O'Reilly Media
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2008-01-10

    Table of Contents:
  • Setting Permissions in Apache
  • Options directive
  • AllowOverride directive
  • Enabling CGI Scripts

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT

    Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here

    Setting Permissions in Apache - AllowOverride directive


    (Page 3 of 4 )

    In addition to serving any file it can access by default, Apache also by default allows parts of configuration data to be placed under the web server tree, in files normally named .htaccess. Configuration information in such files can override the information in the httpd.conf configuration file. Though this can be useful, it slows down the server (because Apache is forced to check whether the file exists in any of the sub-folders it serves) and allows anyone who controls the web server tree to have limited control of the web server. This feature is controlled with the AllowOverride directive, which, like Options, appears within the <Directory> directive specifying the directory to which the options apply. TheAllowOverride directive supports the following options:

    AuthConfig
      
    Allows use (in .htaccess files) of the authorization
          directives (explained in Chapter 7)

    FileInfo
      
    Allows use of the directives controlling document
          types

    Indexes
      
    Allows use of the directives controlling directory
          indexing

    Limit
      
    Allows use of the directives controlling host access

    Options
      
    Allows use of the directives controlling specific
          directory functions (theOptions andXbitHack
       directives
    )

    All
      
    Allows all options listed

    None
      
    Ignores .htaccess configuration files

    For our default configuration, we choose theNone option. So, our <Directory>directives are now:

      <Directory />
          Order Deny,Allow
          Deny from all
          Options None
          AllowOverride None
      </Directory>

      <Directory /var/www/htdocs>
          Order Allow,Deny
          Allow from all
      </Directory>

    Modules sometimes useAllowOverridesettings to make other decisions as to whether something should be allowed. Therefore, a change to a setting can have unexpected consequences. As an example, includingOptionsas one of theAllowOverride options will allow PHP configuration directives to be used in .htaccess files. In theory, every directive of every module should fit into one of theAllowOverridesettings, but in practice it depends on whether their respective developers have considered it.

    More Apache Articles
    More By O'Reilly Media


       · This article is an excerpt from the book "Apache Security," published by O'Reilly....
     

    Buy this book now. This article is excerpted from chapter two of Apache Security, written by Ivan Ristic (O'Reilly; ISBN: 0596007248). Check it out today at your favorite bookstore. Buy this book now.

       

    APACHE ARTICLES

    - Creating a VAMP (Vista, Apache, MySQL, PHP) ...
    - Putting Apache in Jail
    - Containing Intrusions in Apache
    - Server Limits for Apache Security
    - Setting Permissions in Apache
    - Installing Apache
    - Apache Installation and Configuration
    - Apache Tapestry and Custom Components: DateI...
    - Tapestry and AJAX: Autocompleter and InlineE...
    - PropertySelection and IPropertySelectionMode...
    - The DatePicker and Shell Components of Apach...
    - Apache Tapestry: ASO and More Components
    - Apache Tapestry and DirectLink, IoC and DI
    - Making a CelebrityCollector with Apache Tape...
    - Apache Tapestry and Listener Methods, Condit...





    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway