Directives, Access, and More with the Oracle HTTP Server (
Page 1 of 5 )
In our fifth article of a five-part series that covers managing the Oracle HTTP Server (OHS), you will learn how to handle aliases, index directories, find out the status of the server, and more. It is excerpted from chapter five of the book Oracle 10g Application Server Exam Guide, written by Sam Alapati (McGraw-Hill, 2006; ISBN: 0072262710).
Using Special Configuration Directives
In addition to the many OHS configuration directives you have learned about so far, Oracle HTTP Server provides two special directives, Options and AllowOverride, which you can use to allow or disable several features of the Oracle HTTP Server.
Options
You use the Options directive to configure the server features available in a directory. In other words, you enable or disable specific HTTP server features with the Options directive. You thus can use the Options directive to control what programmers can and can't do with a directory The syntax of the Options directives is as follows:
Options [+|-]option [[+|-]option] ...
If you set the Options directive to None, no extra features are enabled whatsoever.
All The All option means that all options are allowed, and this is the default parameter for the Options directive. The only exceptions are the MultiViews directive, which isn't allowed by default. Of course, any mutually exclusive directives such as Includes and IncludesNoexec won't be allowed together.
ExecCGI If you want CGI scripts to be allowed, you must set this parameter. The only exception is for directories defined with ScriptAlias.
FollowSymLinks This parameter allows the HTTP Server to follow symbolic links for files or directories. However, this parameter doesn't affect the contents of the Location container.
SymlinksIfOwnerMatch This is a more limited version of the FollowSymLinks parameter; it allows the HTTP Server to follow symbolic links only if the target file (or directory) and the symbolic link are owned by the same user.
Includes The Includes parameter controls the execution of server-side includes (SSI).
IncludesNOEXEC The IncludesNOEXEC parameter allows server-side includes but won't allow CGI script execution via the #exec and #include commands.
Indexes This parameter will return a listing of the directory contents when a URL maps to a directory and there's no index file associated with the DirectoryIndex directive.
MultiViews The option will allow content-negotiated multiple views.
If multiple options are applicable to the same directory, the options aren't merged. OHS will use the most specific options and ignore the rest. However, if you prefix all the options under the Options directive with a + or -- sign, OHS will merge the various options. The options you specify with the + sign will be added to the current options being used, and those you prefix with the -- sign will be removed from the currently operative options.
Here's an example showing the use of the Options directive without the + and -- symbols:
<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/test>
Options Includes
</Directory>
As you can see, only the Includes option will be used for the /web/docs/test directory. This means that I'm replacing the set of options for the /web/docs/ directory (Indexes, FollowSymLinks) with the single Includes option, for the /web/docs/test directory. If instead, I want to add the Includes option to the existing option FollowSymLinks and not use the Indexes option, I can do so by using the + and --symbols, as shown here:
<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/test>
Options +Includes -Indexes
</Directory>
AllowOverride
Whereas the Options directive lets you enable and disable features, the AllowOverride directive lets you exercise an even finer-grained control over several HTTP Server features. As you can recall, the per-directory configuration files, called .htaccess files,
exam watch: The AllowOverride directive applies only to Directory containers.
supplement the main OHS server configuration file, httpd.conf. The AllowOverride directive determines which of the directives in a directory .htaccess file can override the server configuration. The HTTP Server will consider any .htaccess file in a directory as though they were in a Directory container.
Directives in lower Directory containers will have preferences over directives in the higher directories. The default setting or the AllowOverride directive is ALL, which enables the overriding of all directives. The HTTP server will merge the directives in all .htaccess files at the same level. Here are the other options for the AllowOverride directive:
- AuthConfig
- FileInfo
- Indexes
- Limit
- Options
- None
Here's an example showing how to use the AllowOverride directive:
AllowOverride AuthConfig Indexes
exam watch: The None option for
the AllowOverride directive will cause
the .htaccess files to be completely
ignored by the HTTP Server. For security
and performance reasons, this is the
recommended setting for the Override
directive. When you set the directive to
ALL, any directive within the .htaccess
context is allowed in the .htaccess files.
