Commit f4e1a8a7 authored by Joshua Slive

Add a little detail about merging of .htaccess with httpd.conf,
and provide an example to enforce certain settings.

PR: 31782
Submitted by: Ray Ferguson <ferguson berbee.com>, Joshua Slive


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@167970 13f79535-47bb-0310-9956-ffa450edef68
parent 803a4591
+28 −0
@@ -239,6 +239,34 @@ changes on a per-directory basis.</p>
    permitted, as only <code>Options Includes</code> is in effect, which
    completely overrides any earlier setting that may have been in
    place.</p>

    <h3><a name="merge" id="merge">Merging of .htaccess with the main
    configuration files</a></h3>

    <p>As discussed in the documentation on <a href="../sections.html">Configuration Sections</a>,
    <code>.htaccess</code> files can override the <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code> sections for
    the corresponding directory, but will be overriden by other types
    of configuration sections from the main configuration files.  This
    fact can be used to enforce certain configurations, even in the
    presence of a liberal <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> setting.  For example, to
    prevent script execution while allowing anything else to be set in
    <code>.htaccess</code> you can use:</p>

    <div class="example"><p><code>
&lt;Directory /&gt;<br />
<span class="indent">
Allowoverride All<br />
</span>
&lt;/Directory&gt;<br />
<br />
&lt;Location /&gt;<br />
<span class="indent">
Options +IncludesNoExec -ExecCGI<br />
</span>
&lt;/Location&gt;
    </code></p></div>


</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="auth" id="auth">Authentication example</a></h2>
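Review bot: "overriden" in the new paragraph ("but will be overriden by other types of configuration sections") should be spelled "overridden", and the example writes the directive as "Allowoverride All" while the prose two lines above links it as "AllowOverride". Directive names are case-insensitive, so the example works as written, but a reader who searches the documentation for the spelling in the example will not match the canonical name. Please use "AllowOverride All" in the example. The same paragraph and example appear in the second hunk of this commit, so both copies need the same correction.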
+31 −0
@@ -265,6 +265,37 @@ changes on a per-directory basis.</p>
    permitted, as only <code>Options Includes</code> is in effect, which
    completely overrides any earlier setting that may have been in
    place.</p>

    <section id="merge"><title>Merging of .htaccess with the main
    configuration files</title>

    <p>As discussed in the documentation on <a
    href="../sections.html">Configuration Sections</a>,
    <code>.htaccess</code> files can override the <directive
    type="section" module="core">Directory</directive> sections for
    the corresponding directory, but will be overriden by other types
    of configuration sections from the main configuration files.  This
    fact can be used to enforce certain configurations, even in the
    presence of a liberal <directive
    module="core">AllowOverride</directive> setting.  For example, to
    prevent script execution while allowing anything else to be set in
    <code>.htaccess</code> you can use:</p>

    <example>
&lt;Directory /&gt;<br />
<indent>
Allowoverride All<br />
</indent>
&lt;/Directory&gt;<br />
<br />
&lt;Location /&gt;<br />
<indent>
Options +IncludesNoExec -ExecCGI<br />
</indent>
&lt;/Location&gt;
    </example>
</section>

</section>

<section id="auth"><title>Authentication example</title>
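Review bot: the lead-in "to prevent script execution while allowing anything else to be set in .htaccess" promises more than the example's "Options +IncludesNoExec -ExecCGI" line enforces. That line removes the ExecCGI option and sets IncludesNoExec, so what it pins down is CGI execution and exec from server-side includes, and an administrator reading "script execution" may take it to cover every kind of script. Please narrow the sentence to name those two things. It would also help to say explicitly that the Location section is what does the enforcing, since the paragraph only refers to "other types of configuration sections" and leaves the reader to work out from the example which type is meant and why it wins over .htaccess.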