[Pmwiki-users] more thoughts on .htaccess

Joachim Durchholz jo
Wed Dec 15 14:14:21 CST 2004


Neil Herber wrote:
> 
> "Someone who knows a little about Apache configuration" certainly 
> describes me. "Very little" might be more accurate.
> 
> For the "local/.htaccess" file to work at all, does there not need to be 
> some kind of override in the httpd.conf file? A default install of 
> Apache 2 appears to have .htaccess disabled. So having the file present 
> may give me a warm feeling, but it certainly isn't protecting anything. 
> The default appears as follows:
> 
> # AllowOverride controls what directives may be placed in .htaccess files.
> # It can be "All", "None", or any combination of the keywords:
> #   Options FileInfo AuthConfig Limit
> #
>     AllowOverride None
> 
> What should this be set to? I suspect that "all" would be OK as long as 
> I control the .htaccess files.

That's correct.

However, you should really read the Apache docs on the topic. It's very 
easy to misconfigure access permissions in Apache, because there are 
several layers of defaults and they may interact in unforeseen ways if 
you don't know all of them.

The most relevant sections in the Apache docs were, for me:
http://httpd.apache.org/docs-2.0/sections.html: explains the interaction 
between <Directory> directives, <Location> directives, and .htaccess files.
http://httpd.apache.org/docs-2.0/howto/htaccess.html: on .htaccess.
http://httpd.apache.org/docs-2.0/howto/auth.html: authentication (that's 
what people want to configure).

Other than that, one can read up on the directives on a per-need basis.

Regards,
Jo



More information about the pmwiki-users mailing list