httpd-wiki-changes mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "ScratchPad/htaccess" by jink
Date Wed, 28 Feb 2007 12:21:40 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by jink:
http://wiki.apache.org/httpd/ScratchPad/htaccess

The comment on the change is:
fixed up some stuff

------------------------------------------------------------------------------
  
  Not really; .htaccess files '''''can''''' be used to provide password protection the same
way the main configuration files can be used to provide password protection; there is nothing
special about .htaccess for this purpose.
  
- === Does it have to be called .htaccess ===
+ === It has to be called .htaccess ===
  
- Nope, you can define its name through the [http://httpd.apache.org/docs/2.0/mod/core.html#accessfilename
AccessFileName] directive. It isn't recommended practice, though, especially if you'll provide
shared hosting or something similar where unknown people will have web space and expect .htaccess
files to be supported.
+ No, you can define its name through the [http://httpd.apache.org/docs/trunk/mod/core.html#accessfilename
AccessFileName] directive. It isn't recommended practice, though, especially if you'll provide
shared hosting or something similar where uninformed people will have web space and expect
.htaccess files to be supported.
  
  == When should I, and should I not use .htaccess files? ==
  
+ Allowing .htaccess files will make Apache look for them upon every access to your server.
 Since parent directories are searched as well, this will take some (small) amount of time,
and can impact your server's performance.
+ For a better explanation, see ["ScratchPad/htaccessGotchas"]. (move that explanation here?)
+ 
  === Should use ===
- .htaccess files should really only be used when you cannot directly edit the main configuration
files!
+ .htaccess files should really only be used when you cannot directly edit the main configuration
files.
- 
- Using .htaccess files will cause Apache to search for them in every directory it recurses
into every time the .htaccess
- containing directory is accessed, for a better explanation, see ["ScratchPad/htaccessGotchas"].
(move that explanation here?)
  
  === Should not use ===
  You should not use .htaccess when:
-  1.  When you have access to edit the main server configuration file(s)
+  1.  you have access to edit the main server configuration file(s).
-  1.  When server performance is of concern to you.
+  1.  server performance is of concern to you.
-  1.  When untrusted people host websites on the server.  (See How can I prevent users from
using .htaccess? and How can I control what users can do with .htaccess files? (How to link
to headings of this doc????) )
+  1.  untrusted people host websites on the server.  (See How can I prevent users from using
.htaccess? and How can I control what users can do with .htaccess files? (How to link to headings
of this doc????) )
  
  == How can I create a new .htaccess file? ==
  
- Use your favourite editor to create a .htaccess file in the folder where you want it to
take affect.
+ Use your favourite editor to create a .htaccess file in the folder where you want it to
take effect.
  Make sure that the file can be read by Apache's UID.
  
  == What can I do with my .htaccess file? ==
  
- .htaccess files are containers for subset of Apache directives. .htaccess files apply only
to the directory that they are placed in and all its descendants.
+ .htaccess files are containers for a subset of Apache directives. .htaccess files apply
to the directory they are placed in and all its descendants.  I.e. a .htaccess file in /path/to/site,
will apply to that directory, but to /path/to/site/images too!
  
  This means you can think of .htaccess files as dynamically adding the following to the master
Apache configuration:
   
  {{{
- <Directory /path/to/folder-with.htaccess> 
+ <Directory /path/to/site> 
-  #.htaccess content goes here
+   # .htaccess content goes here
  </Directory>
  }}}
  
- You must place the .htaccess file in the directory where you want it to effect changes.
 For example if you want to use a .htaccess file to force authentication for http://www.example.com/admin

+ You must place the .htaccess file in the directory where you want it to take effect.  For
example if you want to use a .htaccess file to force authentication for http://www.example.com/admin,
and your !DocumentRoot is set to /var/www/html/www.example.com, you would place the .htaccess
file in /var/www/html/www.example.com/admin .
  
+ === So, what can I use? ===
- If your !DocumentRoot is 
- {{{
- /var/www/html/www.example.com
- }}} 
  
+ You can put in a .htaccess file any Apache directive that the administrator chooses to enable,
from the subset of directives that Apache supports in .htaccess files. This works by setting
the !AllowOverride directive correctly. 
- Then you would place your .htaccess file in 
- {{{
- /var/www/html/www.example.com/admin
- }}}
  
- === That's ok, but what CAN I do? ===
+ To check what the administrator enabled, contact them or your hosting provider, or just
try. 
  
- You can put in a .htaccess file any Apache directive that the administrator chooses to enable,
from the subset of directives Apache itself supports in .htaccess files, by setting the !AllowOverride
directive correctly. 
+ To check what directives Apache supports in .htaccess files, look for the directive you
would like to use in the documentation and check out the [http://httpd.apache.org/docs/trunk/mod/directive-dict.html#Context
Context:] section. If it says .htaccess, then that directive is valid in .htaccess, unless
it has been disabled by the administrator.
  
+ An example. Let's suppose you really must use .htaccess files and that you want to password
protect the location we talked about above, located at /var/www/html/www.example.com/admin.
A .htaccess file for that task should look like:
- To check what the administrator enabled, contact her or your hosting provider, or just try.

- 
- To check what directives Apache supports in .htaccess files, find the directive you would
like to use in a .htaccess file in the documentation and check out the "Context:" section.
If it says .htaccess, then that directive is valid in .htaccess, although it could have been
disabled by the administrator, of course.
- 
- Ok, an example. Let's suppose you really must use .htaccess files; and that you want to
password protect the site we talked about above, located at /var/www/html/www.example.com/admin.
A .htaccess file for that task should look like:
  
  '''/var/www/html/www.example.com/admin/.htaccess'''
  {{{
@@ -84, +74 @@

    AuthUserFile /etc/htpasswds/.htpasswd.example.com
    Require valid-user
  
+   Order deny,allow
-   Order allow,deny
-   Allow from all
  }}}
  
  == How can I control what users can do with .htaccess files? ==
  
- By setting AllowOverride properly in the proper <Directory> directive. See [http://httpd.apache.org/docs/trunk/mod/core.html#allowoverride
AllowOverride] docs.
+ By setting AllowOverride in the proper <Directory> directive. See the [http://httpd.apache.org/docs/trunk/mod/core.html#allowoverride
AllowOverride] documentation.
  
  == But, I really dislike having all the directives in one huge config file, and .htaccess
files help me with that! ==
  
+ This is not a valid reason, since you can use [http://httpd.apache.org/docs/2.2/mod/core.html#include
Include].
+ 
+ ----
+ (I suggest moving this part to its own section)
  You can use the Include directive to alleviate that if it really bothers you! Let's see
how.
  
  We'll suppose you dislike huge config files and that, for instance, you want to provide
password authentication for all your virtual hosts. You could put a .htaccess in the root
of each virtual host, or you could create a 
@@ -118, +111 @@

  }}}
  
  And so on for the rest of your virtual hosts. 
+ (end of suggest)
+ ----
  
  == How can I prevent users from using .htaccess? ==
  
- In your main server config, place the following in your top-level <Directory> block.
 i.e.
+ In your main server config, place the following in your top-level <Directory> block.
 E.g.
  
  {{{
  <Directory /var/www/html>
- ...
+   # ... other directives
- AllowOveride None
+   AllowOveride None
- ...
+   # ... other directives
  </Directory>
  }}}
  
- ''Remember the aplication of a <Directory> block is recursive.  So if you set it at
the top level is will apply to all sub-directories unless explicity reversed through a different
<Directory> directive.''
+ ''Remember the application of a <Directory> block is recursive.  So if you set it
at the top level is will apply to all sub-directories unless explicity reversed through a
different <Directory> directive.''
  
  == How do I troubleshoot my .htaccess files? ==
  

Mime
View raw message