summaryrefslogtreecommitdiffstats
path: root/rubbos/app/httpd-2.0.64/docs/manual/howto/htaccess.html.en
diff options
context:
space:
mode:
Diffstat (limited to 'rubbos/app/httpd-2.0.64/docs/manual/howto/htaccess.html.en')
-rw-r--r--rubbos/app/httpd-2.0.64/docs/manual/howto/htaccess.html.en386
1 files changed, 386 insertions, 0 deletions
diff --git a/rubbos/app/httpd-2.0.64/docs/manual/howto/htaccess.html.en b/rubbos/app/httpd-2.0.64/docs/manual/howto/htaccess.html.en
new file mode 100644
index 00000000..f9d6614f
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/docs/manual/howto/htaccess.html.en
@@ -0,0 +1,386 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Apache Tutorial: .htaccess files - Apache HTTP Server</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.0</p>
+<img alt="" src="../images/feather.gif" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">How-To / Tutorials</a></div><div id="page-content"><div id="preamble"><h1>Apache Tutorial: .htaccess files</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/howto/htaccess.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../ja/howto/htaccess.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
+<a href="../ko/howto/htaccess.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div>
+
+<p><code>.htaccess</code> files provide a way to make configuration
+changes on a per-directory basis.</p>
+</div>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#related">.htaccess files</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#what">What they are/How to use them</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#when">When (not) to use .htaccess files</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#how">How directives are applied</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#auth">Authentication example</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes example</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI example</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#troubleshoot">Troubleshooting</a></li>
+</ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="related" id="related">.htaccess files</a></h2>
+ <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/core.html">core</a></code></li><li><code class="module"><a href="../mod/mod_auth.html">mod_auth</a></code></li><li><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="../mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#accessfilename">AccessFileName</a></code></li><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mod_mime.html#addhandler">AddHandler</a></code></li><li><code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/mod_auth.html#authuserfile">AuthUserFile</a></code></li><li><code class="directive"><a href="../mod/mod_auth.html#authgroupfile">AuthGroupFile</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></td></tr></table>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="what" id="what">What they are/How to use them</a></h2>
+
+
+ <p><code>.htaccess</code> files (or "distributed configuration files")
+ provide a way to make configuration changes on a per-directory basis. A
+ file, containing one or more configuration directives, is placed in a
+ particular document directory, and the directives apply to that
+ directory, and all subdirectories thereof.</p>
+
+ <div class="note"><h3>Note:</h3>
+ <p>If you want to call your <code>.htaccess</code> file something
+ else, you can change the name of the file using the <code class="directive"><a href="../mod/core.html#accessfilename">AccessFileName</a></code> directive. For example,
+ if you would rather call the file <code>.config</code> then you
+ can put the following in your server configuration file:</p>
+
+ <div class="example"><p><code>
+ AccessFileName .config
+ </code></p></div>
+ </div>
+
+ <p>In general, <code>.htaccess</code> files use the same syntax as
+ the <a href="../configuring.html#syntax">main configuration
+ files</a>. What you can put in these files is determined by the
+ <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> directive. This
+ directive specifies, in categories, what directives will be
+ honored if they are found in a <code>.htaccess</code> file. If a
+ directive is permitted in a <code>.htaccess</code> file, the
+ documentation for that directive will contain an Override section,
+ specifying what value must be in <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> in order for that
+ directive to be permitted.</p>
+
+ <p>For example, if you look at the documentation for the <code class="directive"><a href="../mod/core.html#adddefaultcharset">AddDefaultCharset</a></code>
+ directive, you will find that it is permitted in <code>.htaccess</code>
+ files. (See the Context line in the directive summary.) The <a href="../mod/directive-dict.html#Context">Override</a> line reads
+ <code>FileInfo</code>. Thus, you must have at least
+ <code>AllowOverride FileInfo</code> in order for this directive to be
+ honored in <code>.htaccess</code> files.</p>
+
+ <div class="example"><h3>Example:</h3><table>
+ <tr>
+ <td><a href="../mod/directive-dict.html#Context">Context:</a></td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+
+ <tr>
+ <td><a href="../mod/directive-dict.html#Override">Override:</a></td>
+ <td>FileInfo</td>
+ </tr>
+ </table></div>
+
+ <p>If you are unsure whether a particular directive is permitted in a
+ <code>.htaccess</code> file, look at the documentation for that
+ directive, and check the Context line for ".htaccess".</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="when" id="when">When (not) to use .htaccess files</a></h2>
+
+ <p>In general, you should never use <code>.htaccess</code> files unless
+ you don't have access to the main server configuration file. There is,
+ for example, a prevailing misconception that user authentication should
+ always be done in <code>.htaccess</code> files. This is simply not the
+ case. You can put user authentication configurations in the main server
+ configuration, and this is, in fact, the preferred way to do
+ things.</p>
+
+ <p><code>.htaccess</code> files should be used in a case where the
+ content providers need to make configuration changes to the server on a
+ per-directory basis, but do not have root access on the server system.
+ In the event that the server administrator is not willing to make
+ frequent configuration changes, it might be desirable to permit
+ individual users to make these changes in <code>.htaccess</code> files
+ for themselves. This is particularly true, for example, in cases where
+ ISPs are hosting multiple user sites on a single machine, and want
+ their users to be able to alter their configuration.</p>
+
+ <p>However, in general, use of <code>.htaccess</code> files should be
+ avoided when possible. Any configuration that you would consider
+ putting in a <code>.htaccess</code> file, can just as effectively be
+ made in a <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code> section in your main server
+ configuration file.</p>
+
+ <p>There are two main reasons to avoid the use of
+ <code>.htaccess</code> files.</p>
+
+ <p>The first of these is performance. When <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code>
+ is set to allow the use of <code>.htaccess</code> files, Apache will
+ look in every directory for <code>.htaccess</code> files. Thus,
+ permitting <code>.htaccess</code> files causes a performance hit,
+ whether or not you actually even use them! Also, the
+ <code>.htaccess</code> file is loaded every time a document is
+ requested.</p>
+
+ <p>Further note that Apache must look for <code>.htaccess</code> files
+ in all higher-level directories, in order to have a full complement of
+ directives that it must apply. (See section on <a href="#how">how
+ directives are applied</a>.) Thus, if a file is requested out of a
+ directory <code>/www/htdocs/example</code>, Apache must look for the
+ following files:</p>
+
+ <div class="example"><p><code>
+ /.htaccess<br />
+ /www/.htaccess<br />
+ /www/htdocs/.htaccess<br />
+ /www/htdocs/example/.htaccess
+ </code></p></div>
+
+ <p>And so, for each file access out of that directory, there are 4
+ additional file-system accesses, even if none of those files are
+ present. (Note that this would only be the case if
+ <code>.htaccess</code> files were enabled for <code>/</code>, which
+ is not usually the case.)</p>
+
+ <p>The second consideration is one of security. You are permitting
+ users to modify server configuration, which may result in changes over
+ which you have no control. Carefully consider whether you want to give
+ your users this privilege. Note also that giving users less
+ privileges than they need will lead to additional technical support
+ requests. Make sure you clearly tell your users what level of
+ privileges you have given them. Specifying exactly what you have set
+ <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> to, and pointing them
+ to the relevant documentation, will save yourself a lot of confusion
+ later.</p>
+
+ <p>Note that it is completely equivalent to put a <code>.htaccess</code>
+ file in a directory <code>/www/htdocs/example</code> containing a
+ directive, and to put that same directive in a Directory section
+ <code>&lt;Directory /www/htdocs/example&gt;</code> in your main server
+ configuration:</p>
+
+ <p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
+
+ <div class="example"><h3>Contents of .htaccess file in
+ <code>/www/htdocs/example</code></h3><p><code>
+ AddType text/example .exm
+ </code></p></div>
+
+ <div class="example"><h3>Section from your <code>httpd.conf</code>
+ file</h3><p><code>
+ &lt;Directory /www/htdocs/example&gt;<br />
+ <span class="indent">
+ AddType text/example .exm<br />
+ </span>
+ &lt;/Directory&gt;
+ </code></p></div>
+
+ <p>However, putting this configuration in your server configuration
+ file will result in less of a performance hit, as the configuration is
+ loaded once when Apache starts, rather than every time a file is
+ requested.</p>
+
+ <p>The use of <code>.htaccess</code> files can be disabled completely
+ by setting the <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code>
+ directive to <code>none</code>:</p>
+
+ <div class="example"><p><code>
+ AllowOverride None
+ </code></p></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="how" id="how">How directives are applied</a></h2>
+
+ <p>The configuration directives found in a <code>.htaccess</code> file
+ are applied to the directory in which the <code>.htaccess</code> file
+ is found, and to all subdirectories thereof. However, it is important
+ to also remember that there may have been <code>.htaccess</code> files
+ in directories higher up. Directives are applied in the order that they
+ are found. Therefore, a <code>.htaccess</code> file in a particular
+ directory may override directives found in <code>.htaccess</code> files
+ found higher up in the directory tree. And those, in turn, may have
+ overridden directives found yet higher up, or in the main server
+ configuration file itself.</p>
+
+ <p>Example:</p>
+
+ <p>In the directory <code>/www/htdocs/example1</code> we have a
+ <code>.htaccess</code> file containing the following:</p>
+
+ <div class="example"><p><code>
+ Options +ExecCGI
+ </code></p></div>
+
+ <p>(Note: you must have "<code>AllowOverride Options</code>" in effect
+ to permit the use of the "<code class="directive"><a href="../mod/core.html#options">Options</a></code>" directive in
+ <code>.htaccess</code> files.)</p>
+
+ <p>In the directory <code>/www/htdocs/example1/example2</code> we have
+ a <code>.htaccess</code> file containing:</p>
+
+ <div class="example"><p><code>
+ Options Includes
+ </code></p></div>
+
+ <p>Because of this second <code>.htaccess</code> file, in the directory
+ <code>/www/htdocs/example1/example2</code>, CGI execution is not
+ permitted, as only <code>Options Includes</code> is in effect, which
+ completely overrides any earlier setting that may have been in
+ place.</p>
+
+ <h3><a name="merge" id="merge">Merging of .htaccess with the main
+ configuration files</a></h3>
+
+ <p>As discussed in the documentation on <a href="../sections.html">Configuration Sections</a>,
+ <code>.htaccess</code> files can override the <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code> sections for
+ the corresponding directory, but will be overriden by other types
+ of configuration sections from the main configuration files. This
+ fact can be used to enforce certain configurations, even in the
+ presence of a liberal <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> setting. For example, to
+ prevent script execution while allowing anything else to be set in
+ <code>.htaccess</code> you can use:</p>
+
+ <div class="example"><p><code>
+&lt;Directory /&gt;<br />
+<span class="indent">
+Allowoverride All<br />
+</span>
+&lt;/Directory&gt;<br />
+<br />
+&lt;Location /&gt;<br />
+<span class="indent">
+Options +IncludesNoExec -ExecCGI<br />
+</span>
+&lt;/Location&gt;
+ </code></p></div>
+
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="auth" id="auth">Authentication example</a></h2>
+
+ <p>If you jumped directly to this part of the document to find out how
+ to do authentication, it is important to note one thing. There is a
+ common misconception that you are required to use
+ <code>.htaccess</code> files in order to implement password
+ authentication. This is not the case. Putting authentication directives
+ in a <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>
+ section, in your main server configuration file, is the preferred way
+ to implement this, and <code>.htaccess</code> files should be used only
+ if you don't have access to the main server configuration file. See <a href="#when">above</a> for a discussion of when you should and should
+ not use <code>.htaccess</code> files.</p>
+
+ <p>Having said that, if you still think you need to use a
+ <code>.htaccess</code> file, you may find that a configuration such as
+ what follows may work for you.</p>
+
+ <p>You must have "<code>AllowOverride AuthConfig</code>" in effect for
+ these directives to be honored.</p>
+
+ <p><code>.htaccess</code> file contents:</p>
+
+ <div class="example"><p><code>
+ AuthType Basic<br />
+ AuthName "Password Required"<br />
+ AuthUserFile /www/passwords/password.file<br />
+ AuthGroupFile /www/passwords/group.file<br />
+ Require Group admins
+ </code></p></div>
+
+ <p>Note that <code>AllowOverride AuthConfig</code> must be in effect
+ for these directives to have any effect.</p>
+
+ <p>Please see the <a href="auth.html">authentication tutorial</a> for a
+ more complete discussion of authentication and authorization.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="ssi" id="ssi">Server Side Includes example</a></h2>
+
+ <p>Another common use of <code>.htaccess</code> files is to enable
+ Server Side Includes for a particular directory. This may be done with
+ the following configuration directives, placed in a
+ <code>.htaccess</code> file in the desired directory:</p>
+
+ <div class="example"><p><code>
+ Options +Includes<br />
+ AddType text/html shtml<br />
+ AddHandler server-parsed shtml
+ </code></p></div>
+
+ <p>Note that <code>AllowOverride Options</code> and <code>AllowOverride
+ FileInfo</code> must both be in effect for these directives to have any
+ effect.</p>
+
+ <p>Please see the <a href="ssi.html">SSI tutorial</a> for a more
+ complete discussion of server-side includes.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="cgi" id="cgi">CGI example</a></h2>
+
+ <p>Finally, you may wish to use a <code>.htaccess</code> file to permit
+ the execution of CGI programs in a particular directory. This may be
+ implemented with the following configuration:</p>
+
+ <div class="example"><p><code>
+ Options +ExecCGI<br />
+ AddHandler cgi-script cgi pl
+ </code></p></div>
+
+ <p>Alternately, if you wish to have all files in the given directory be
+ considered to be CGI programs, this may be done with the following
+ configuration:</p>
+
+ <div class="example"><p><code>
+ Options +ExecCGI<br />
+ SetHandler cgi-script
+ </code></p></div>
+
+ <p>Note that <code>AllowOverride Options</code> and <code>AllowOverride
+ FileInfo</code> must both be in effect for these directives to have any
+ effect.</p>
+
+ <p>Please see the <a href="cgi.html">CGI tutorial</a> for a more
+ complete discussion of CGI programming and configuration.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="troubleshoot" id="troubleshoot">Troubleshooting</a></h2>
+
+ <p>When you put configuration directives in a <code>.htaccess</code>
+ file, and you don't get the desired effect, there are a number of
+ things that may be going wrong.</p>
+
+ <p>Most commonly, the problem is that <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> is not
+ set such that your configuration directives are being honored. Make
+ sure that you don't have a <code>AllowOverride None</code> in effect
+ for the file scope in question. A good test for this is to put garbage
+ in your <code>.htaccess</code> file and reload. If a server error is
+ not generated, then you almost certainly have <code>AllowOverride
+ None</code> in effect.</p>
+
+ <p>If, on the other hand, you are getting server errors when trying to
+ access documents, check your Apache error log. It will likely tell you
+ that the directive used in your <code>.htaccess</code> file is not
+ permitted. Alternately, it may tell you that you had a syntax error,
+ which you will then need to fix.</p>
+
+</div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/howto/htaccess.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../ja/howto/htaccess.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
+<a href="../ko/howto/htaccess.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2009 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
+</body></html> \ No newline at end of file