httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] So AllowOverride None in Directory should still allow Location to override?
Date Mon, 27 Oct 2003 21:27:03 GMT

On Mon, 27 Oct 2003, Whit Blauvelt wrote:

> Since it seems Location can override even when AllowOverride None is set in
> Directory ... isn't this kind of fishy design?

You missunderstand the AllowOverride directive.  It affects only .htaccess
files.  It has no effect on anything in httpd.conf.  See:
http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride

> Can a Location statement, for
> instance, go in an .htaccess file and give access where the Directory
> directives would be thought to lock it out?

<Location> is not allowed in .htaccess.  See the "Context" here:
http://httpd.apache.org/docs-2.0/mod/core.html#location
But, if AllowOverride is set to Limit or All, then .htaccess files
certainly can override a restrictive <Directory> section.  That is why
AllowOverride should be set to none unless you want to allow this.

I agree that the merging rules are a little convoluted.  But on the other
hand, I can't think of anything that would be much simpler.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message