summaryrefslogtreecommitdiffstats
path: root/docs/manual/mod/overrides.xml
blob: a641a98a12c273e4ddf582bb0dc493cbec0ed3a1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<?xml version="1.0"?>
<!DOCTYPE overrideindex SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->

<!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->

<overrideindex metafile="overrides.xml.meta">
  <title>Override Class Index for .htaccess</title>
  <summary>
    <p>
      This is an index of the directives that are allowed in .htaccess files for
      various <directive module="core">AllowOverride</directive> settings,
      organized by class. Its intended purpose is to help server administrators
      verify the privileges they're granting to .htaccess users. For an overview
      of how .htaccess works, see the
      <a href="../howto/htaccess.html">.htaccess tutorial</a>.
    </p>

    <p>
      To determine the set of directives that your server configuration allows
      .htaccess users to use:
    </p>

    <ol>
      <li>Start with the set of directives in the <code>AllowOverrideList</code>
      for the directory in question. (By default, this is set to
      <code>None</code>.)</li>
      <li>Find the <code>AllowOverride</code> setting for the directory in
      question. (By default, it is set to <code>None</code>.) There are two
      special cases:
        <ol>
          <li>If your <code>AllowOverride</code> setting is <code>All</code>,
          add every directive listed on this page to the list.</li>
          <li>If your <code>AllowOverride</code> setting is <code>None</code>,
          you're done. Only the directives in the <code>AllowOverrideList</code>
          (if any) will be allowed.</li>
        </ol>
      </li>
      <li>For each override class listed in <code>AllowOverride</code>, look up
      the corresponding set of directives below and add them to the list.</li>
      <li>Finally, add the set of directives that is always allowed in
      .htaccess (these are listed in the
      <a href="#override-all">All section</a>, below).</li>
    </ol>

    <p>
      Several of the override classes are quite powerful and give .htaccess
      users a large amount of control over the server. For a stricter approach,
      set <code>AllowOverride None</code> and use
      <directive module="core">AllowOverrideList</directive> to specify the
      exact list of directives that .htaccess users are allowed to use.
    </p>
  </summary>

  <!--
    Provide one overridesummary element for each Override type. The content will
    be sucked into the relevant section on the override index page.
  -->

  <overridesummary class="All">
    <p>
      The following directives are allowed in any .htaccess file, as long as
      overrides are enabled in the server configuration.
    </p>
  </overridesummary>

  <overridesummary class="AuthConfig">
    <p>
      The following directives are allowed in .htaccess files when
      <code>AllowOverride AuthConfig</code> is in effect. They give .htaccess
      users control over the authentication and authorization methods that are
      applied to their directory subtrees, including several related utility
      directives for session handling and TLS settings.
    </p>
  </overridesummary>

  <overridesummary class="FileInfo">
    <p>
      The following directives are allowed in .htaccess files when
      <code>AllowOverride FileInfo</code> is in effect. They give .htaccess
      users a wide range of control over the responses and metadata given by the
      server.
    </p>
  </overridesummary>

  <overridesummary class="Indexes">
    <p>
      The following directives are allowed in .htaccess files when
      <code>AllowOverride Indexes</code> is in effect. They allow .htaccess
      users to control aspects of the directory index pages provided by the
      server, including autoindex generation.
    </p>
  </overridesummary>

  <overridesummary class="Limit">
    <p>
      The following directives are allowed in .htaccess files when
      <code>AllowOverride Limit</code> is in effect. This extremely narrow
      override type mostly allows the use of the legacy authorization directives
      provided by <module>mod_access_compat</module>.
    </p>
  </overridesummary>

  <overridesummary class="Options">
    <p>
      The following directives are allowed in .htaccess files when
      <code>AllowOverride Options</code> is in effect. They give .htaccess
      users access to <code>Options</code> and similar directives, as well as
      directives that control the filter chain.
    </p>
  </overridesummary>

  <!--
    This is the error message for when a directive shows up in a section that
    has no explicit overridesummary above.
  -->
  <overridesummary fallback="yes">
    <p><em>
    [This section has no description. It's possible that the documentation is
    incomplete, or that the directives here have an incorrect or misspelled
    Override type. Please consider reporting this in the
    <a href="#comments_section">comments section</a>.]
    </em></p>
  </overridesummary>
</overrideindex>