Admonish people not to put "AllowOverride All" in <Directory /> and

expect it to do anything useful.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@684326 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 16 insertions, 0 deletions

diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 7d7ebac678..30074fe495 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -500,6 +500,14 @@ be passed through</td></tr>
     <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
     server error.</p>
 
+    <div class="note"><p>For security and performance reasons, do not set
+    <code>AllowOverride</code> to anything other than <code>None</code> 
+    in your <code>&lt;Directory /&gt;</code> block. Instead, find (or
+    create) the <code>&lt;Directory&gt;</code> block that refers to the
+    directory where you're actually planning to place a
+    <code>.htaccess</code> file.</p>
+    </div>
+
 <h3>See also</h3>
 <ul>
 <li><code class="directive"><a href="#accessfilename">AccessFileName</a></code></li>
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index b6e351e2c8..fa2975257c 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -461,6 +461,14 @@ be passed through</description>
     <p>In the example above all directives that are neither in the group
     <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
     server error.</p>
+
+    <note><p>For security and performance reasons, do not set
+    <code>AllowOverride</code> to anything other than <code>None</code> 
+    in your <code>&lt;Directory /&gt;</code> block. Instead, find (or
+    create) the <code>&lt;Directory&gt;</code> block that refers to the
+    directory where you're actually planning to place a
+    <code>.htaccess</code> file.</p>
+    </note>
 </usage>
 
 <seealso><directive module="core">AccessFileName</directive></seealso>