Note:

What you can put in these files is determined by the AllowOverride directive. This directive specifies, in categories, what directives @@ -67,32 +66,28 @@

For example, if you look at the documentation for the AddDefaultCharset directive, you will find that it is permitted in .htaccess files. (See the Context line in the directive summary.) The Override line reads - "FileInfo". Thus, you must have at least - "AllowOverride FileInfo" in order for this directive to be + FileInfo. Thus, you must have at least + AllowOverride FileInfo in order for this directive to be honored in .htaccess files.

If you are unsure whether a particular directive is permitted in a .htaccess file, look at the documentation for that - directive, and check the Context line for ".htaccess."

When (not) to use .htaccess files

In general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, @@ -136,17 +131,18 @@ directory /www/htdocs/example, Apache must look for the following files:

+

/.htaccess /www/.htaccess /www/htdocs/.htaccess /www/htdocs/example/.htaccess -

And so, for each file access out of that directory, there are 4 additional file-system accesses, even if none of those files are - present. (Note that this would only be the case if .htaccess files were - enabled for /, which is not usually the case.)

+ present. (Note that this would only be the case if + .htaccess files were enabled for /, which + is not usually the case.)

The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over @@ -155,13 +151,15 @@ privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set - AllowOverride to, and pointing them to the relevant - documentation, will save yourself a lot of confusion later.

- -

Note that it is completely equivalent to put a .htaccess file in a - directory /www/htdocs/example containing a directive, and - to put that same directive in a Directory section <Directory - /www/htdocs/example> in your main server configuration:

+ AllowOverride to, and pointing them + to the relevant documentation, will save yourself a lot of confusion + later.

+ +

Note that it is completely equivalent to put a .htaccess + file in a directory /www/htdocs/example containing a + directive, and to put that same directive in a Directory section + <Directory /www/htdocs/example> in your main server + configuration:

.htaccess file in /www/htdocs/example:

@@ -172,9 +170,11 @@

Section from your `httpd.conf` file

- <Directory /www/htdocs/example> - AddType text/example .exm - </Directory> + <Directory /www/htdocs/example> + + AddType text/example .exm + + </Directory>

However, putting this configuration in your server configuration @@ -183,7 +183,8 @@ requested.

The use of .htaccess files can be disabled completely - by setting the AllowOverride directive to "none"

+ by setting the AllowOverride + directive to none:

AllowOverride None @@ -237,10 +238,10 @@ common misconception that you are required to use .htaccess files in order to implement password authentication. This is not the case. Putting authentication directives - in a <Directory> section, in your main server - configuration file, is the preferred way to implement this, and - .htaccess files should be used only if you don't have - access to the main server configuration file. See above for a discussion of when you should and should + in a <Directory> + section, in your main server configuration file, is the preferred way + to implement this, and .htaccess files should be used only + if you don't have access to the main server configuration file. See above for a discussion of when you should and should not use .htaccess files.


   
       Having said that, if you still think you need to use a
  @@ -253,11 +254,11 @@
       
.htaccess file contents:
   
       
  -          AuthType Basic

  -           AuthName "Password Required"

  -           AuthUserFile /www/passwords/password.file

  -           AuthGroupFile /www/passwords/group.file

  -           Require Group admins
  +      AuthType Basic

  +      AuthName "Password Required"

  +      AuthUserFile /www/passwords/password.file

  +      AuthGroupFile /www/passwords/group.file

  +      Require Group admins
       
   
       Note that AllowOverride AuthConfig must be in effect
  @@ -267,7 +268,7 @@
       more complete discussion of authentication and authorization.


  -Server side includes example
  +Server Side Includes example

Another common use of .htaccess files is to enable Server Side Includes for a particular directory. This may be done with @@ -308,8 +309,9 @@ SetHandler cgi-script

Note that AllowOverride Options must be in effect for - these directives to have any effect.

Note that AllowOverride Options and AllowOverride + FileInfo must both be in effect for these directives to have any + effect.

Please see the CGI tutorial for a more complete discussion of CGI programming and configuration.

@@ -332,11 +334,11 @@

If, on the other hand, you are getting server errors when trying to access documents, check your Apache error log. It will likely tell you - that the directive used in your .htaccess file is not permitted. - Alternately, it may tell you that you had a syntax error, which you - will then need to fix.

+ that the directive used in your .htaccess file is not + permitted. Alternately, it may tell you that you had a syntax error, + which you will then need to fix.

What you can put in these files is determined by the AllowOverride @@ -76,36 +75,32 @@ directive, you will find that it is permitted in .htaccess files. (See the Context line in the directive summary.) The Override line reads - "FileInfo". Thus, you must have at least - "AllowOverride FileInfo" in order for this directive to be + FileInfo. Thus, you must have at least + AllowOverride FileInfo in order for this directive to be honored in .htaccess files.

If you are unsure whether a particular directive is permitted in a .htaccess file, look at the documentation for that - directive, and check the Context line for ".htaccess."

- When (not) to use .htaccess files +

When (not) to use .htaccess files

In general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, @@ -151,17 +146,18 @@ directory /www/htdocs/example, Apache must look for the following files:

- + /.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess - +

+ present. (Note that this would only be the case if + .htaccess files were enabled for /, which + is not usually the case.)

The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over @@ -170,13 +166,15 @@ privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set - AllowOverride to, and pointing them to the relevant - documentation, will save yourself a lot of confusion later.

- -

+ AllowOverride to, and pointing them + to the relevant documentation, will save yourself a lot of confusion + later.

+ +

.htaccess file in /www/htdocs/example:

@@ -187,9 +185,11 @@ Section from your <code>httpd.conf</code> file - <Directory /www/htdocs/example>
- AddType text/example .exm
- </Directory> + <Directory /www/htdocs/example>
+ + AddType text/example .exm
+ + </Directory>

However, putting this configuration in your server configuration @@ -198,7 +198,8 @@ requested.

The use of .htaccess files can be disabled completely - by setting the AllowOverride directive to "none"

+ by setting the AllowOverride + directive to none:

AllowOverride None @@ -253,10 +254,10 @@ common misconception that you are required to use .htaccess files in order to implement password authentication. This is not the case. Putting authentication directives - in a <Directory> section, in your main server - configuration file, is the preferred way to implement this, and - .htaccess files should be used only if you don't have - access to the main server configuration file. See Directory + section, in your main server configuration file, is the preferred way + to implement this, and .htaccess files should be used only + if you don't have access to the main server configuration file. See above for a discussion of when you should and should not use .htaccess files.

@@ -270,11 +271,11 @@

.htaccess file contents:

- AuthType Basic
- AuthName "Password Required"
- AuthUserFile /www/passwords/password.file
- AuthGroupFile /www/passwords/group.file
- Require Group admins + AuthType Basic
+ AuthName "Password Required"
+ AuthUserFile /www/passwords/password.file
+ AuthGroupFile /www/passwords/group.file
+ Require Group admins

Note that AllowOverride AuthConfig must be in effect @@ -284,7 +285,7 @@ more complete discussion of authentication and authorization.

Server side includes example +

Server Side Includes example

Another common use of .htaccess files is to enable Server Side Includes for a particular directory. This may be done with @@ -325,8 +326,9 @@ SetHandler cgi-script -

Note that AllowOverride Options must be in effect for - these directives to have any effect.

Note that AllowOverride Options and AllowOverride + FileInfo must both be in effect for these directives to have any + effect.

Please see the CGI tutorial for a more complete discussion of CGI programming and configuration.

@@ -350,10 +352,10 @@

+ that the directive used in your .htaccess file is not + permitted. Alternately, it may tell you that you had a syntax error, + which you will then need to fix.

Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo

Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo

Note:

Example:

Example:

When (not) to use .htaccess files

Section from your `httpd.conf` file

Server side includes example

Server Side Includes example

Note:

Example:

Example:

When (not) to use .htaccess files

Section from your httpd.conf file

Server side includes example

Server Side Includes example

Section from your `httpd.conf` file