XML-ized versions. Are we supposed to remove the .html files now?

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96381 13f79535-47bb-0310-9956-ffa450edef68
author: Rich Bowen <rbowen@apache.org> 2002-08-15 15:47:10 +0000
committer: Rich Bowen <rbowen@apache.org> 2002-08-15 15:47:10 +0000
commit: cec5fbaf5b42195c726ba16e61cc3a91a0881177 (patch)
tree: b424f17fb1dcf75137b2bf9ae883823def9271d8 /docs/manual/howto/htaccess.xml
parent: 98199c706d924870b944e3672a310a29bb241dee (diff)
download: httpd-cec5fbaf5b42195c726ba16e61cc3a91a0881177.tar.gz
1 files changed, 358 insertions, 0 deletions
diff --git a/docs/manual/howto/htaccess.xml b/docs/manual/howto/htaccess.xml
new file mode 100755
index 0000000000..b6e804ef4c
--- /dev/null
+++ b/docs/manual/howto/htaccess.xml
@@ -0,0 +1,358 @@
+<?xml version='1.0' encoding='UTF-8' ?>
+<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+<manualpage>
+<relativepath href=".."/>
+
+<title>Apache Tutorial: .htaccess files</title>
+
+<summary>
+<p><code>.htaccess</code> files provide a way to make configuration
+changes on a per-directory basis.</p>
+</summary>
+
+<section id="related"><title>.htaccess files</title>
+    <related>
+        <modulelist>
+            <module>core</module>
+            <module>mod_auth</module>
+            <module>mod_cgi</module>
+            <module>mod_includes</module>
+            <module>mod_mime</module>
+        </modulelist>
+
+        <directivelist>
+            <directive module="core">AccessFileName</directive>
+            <directive module="core">AllowOverride</directive>
+            <directive module="core">Options</directive>
+            <directive module="mod_mime">AddHandler</directive>
+            <directive module="core">SetHandler</directive>
+            <directive module="core">AuthType</directive>
+            <directive module="core">AuthName</directive>
+            <directive module="mod_auth">AuthUserFile</directive>
+            <directive module="mod_auth">AuthGroupFile</directive>
+            <directive module="core">Require</directive>
+        </directivelist>
+
+    </related>
+</section>
+
+<section id="what">
+<title>What they are/How to use them</title>
+
+    <p><code>.htaccess</code> files (or "distributed configuration files")
+    provide a way to make configuration changes on a per-directory basis. A
+    file, containing one or more configuration directives, is placed in a
+    particular document directory, and the directives apply to that
+    directory, and all subdirectories thereof.</p>
+
+<note>
+    <p>Note: If you want to call your <code>.htaccess</code> file something
+    else, you can change the name of the file using the <code><a
+    href="../mod/core.html#accessfilename">AccessFileName</a></code>
+    directive. For example, if you would rather call the file
+    <code>.config</code> then you can put the following in your server
+    configuration file:</p>
+
+    <example>
+    AccessFileName .config
+    </example>
+</note>
+
+    <p>What you can put in these files is determined by the <directive
+    module="core">AllowOverride</directive>
+    directive. This directive specifies, in categories, what directives
+    will be honored if they are found in a <code>.htaccess</code> file. If
+    a directive is permitted in a <code>.htaccess</code> file, the
+    documentation for that directive will contain an Override section,
+    specifying what value must be in <directive 
+    module="core">AllowOverride</directive> in order
+    for that directive to be permitted.</p>
+
+    <p>For example, if you look at the documentation for the <directive
+    module="core">AddDefaultCharset</directive>
+    directive, you will find that it is permitted in <code>.htaccess</code>
+    files. (See the Context line in the directive summary.) The <a
+    href="../mod/directive-dict.html#Context">Override</a> line reads
+    "<code>FileInfo</code>". Thus, you must have at least
+    "<code>AllowOverride FileInfo</code>" in order for this directive to be
+    honored in <code>.htaccess</code> files.</p>
+
+<example><title>Example:</title>
+
+      <table>
+        <tr>
+          <td><a
+          href="../mod/directive-dict.html#Context">Context:</a></td>
+
+          <td>server config, virtual host, directory, .htaccess</td>
+        </tr>
+
+        <tr>
+          <td><a
+          href="../mod/directive-dict.html#Override">Override:</a></td>
+
+          <td>FileInfo</td>
+        </tr>
+      </table>
+</example>
+
+
+    <p>If you are unsure whether a particular directive is permitted in a
+    <code>.htaccess</code> file, look at the documentation for that
+    directive, and check the Context line for ".htaccess."</p>
+    </section>
+
+    <section id="when">
+    <title>When (not) to use .htaccess files</title>
+
+    <p>In general, you should never use <code>.htaccess</code> files unless
+    you don't have access to the main server configuration file. There is,
+    for example, a prevailing misconception that user authentication should
+    always be done in <code>.htaccess</code> files. This is simply not the
+    case. You can put user authentication configurations in the main server
+    configuration, and this is, in fact, the preferred way to do
+    things.</p>
+
+    <p><code>.htaccess</code> files should be used in a case where the
+    content providers need to make configuration changes to the server on a
+    per-directory basis, but do not have root access on the server system.
+    In the event that the server administrator is not willing to make
+    frequent configuration changes, it might be desirable to permit
+    individual users to make these changes in <code>.htaccess</code> files
+    for themselves. This is particularly true, for example, in cases where
+    ISPs are hosting multiple user sites on a single machine, and want
+    their users to be able to alter their configuration.</p>
+
+    <p>However, in general, use of <code>.htaccess</code> files should be
+    avoided when possible. Any configuration that you would consider
+    putting in a <code>.htaccess</code> file, can just as effectively be
+    made in a <directive module="core"
+    type="section">Directory</directive> section in your main server 
+    configuration file.</p>
+
+    <p>There are two main reasons to avoid the use of
+    <code>.htaccess</code> files.</p>
+
+    <p>The first of these is performance. When <directive 
+    module="core">AllowOverride</directive>
+    is set to allow the use of <code>.htaccess</code> files, Apache will
+    look in every directory for <code>.htaccess</code> files. Thus,
+    permitting <code>.htaccess</code> files causes a performance hit,
+    whether or not you actually even use them! Also, the
+    <code>.htaccess</code> file is loaded every time a document is
+    requested.</p>
+
+    <p>Further note that Apache must look for <code>.htaccess</code> files
+    in all higher-level directories, in order to have a full complement of
+    directives that it must apply. (See section on <a href="#how">how
+    directives are applied</a>.) Thus, if a file is requested out of a
+    directory <code>/www/htdocs/example</code>, Apache must look for the
+    following files:</p>
+
+   <example>
+      /.htaccess<br />
+      /www/.htaccess<br />
+      /www/htdocs/.htaccess<br />
+      /www/htdocs/example/.htaccess
+   </example>
+
+    <p>And so, for each file access out of that directory, there are 4
+    additional file-system accesses, even if none of those files are
+    present. (Note that this would only be the case if .htaccess files were
+    enabled for /, which is not usually the case.)</p>
+
+    <p>The second consideration is one of security. You are permitting
+    users to modify server configuration, which may result in changes over
+    which you have no control. Carefully consider whether you want to give
+    your users this privilege. Note also that giving users less
+    privileges than they need will lead to additional technical support
+    requests. Make sure you clearly tell your users what level of
+    privileges you have given them. Specifying exactly what you have set
+    <code>AllowOverride</code> to, and pointing them to the relevant
+    documentation, will save yourself a lot of confusion later.</p>
+
+    <p>Note that it is completely equivalent to put a .htaccess file in a
+    directory <code>/www/htdocs/example</code> containing a directive, and
+    to put that same directive in a Directory section <code>&lt;Directory
+    /www/htdocs/example&gt;</code> in your main server configuration:</p>
+
+    <p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
+
+    <example><title>Contents of .htaccess file in
+    <code>/www/htdocs/example</code></title>
+        AddType text/example .exm
+    </example>
+
+    <example><title>Section from your <code>httpd.conf</code>
+    file</title>
+          &lt;Directory /www/htdocs/example&gt;<br />
+           AddType text/example .exm<br />
+           &lt;/Directory&gt;
+    </example>
+
+    <p>However, putting this configuration in your server configuration
+    file will result in less of a performance hit, as the configuration is
+    loaded once when Apache starts, rather than every time a file is
+    requested.</p>
+
+    <p>The use of <code>.htaccess</code> files can be disabled completely
+    by setting the <code>AllowOverride</code> directive to "none"</p>
+
+    <example>
+      AllowOverride None
+    </example>
+</section>
+
+<section id="how"><title>How directives are applied</title>
+
+    <p>The configuration directives found in a <code>.htaccess</code> file
+    are applied to the directory in which the <code>.htaccess</code> file
+    is found, and to all subdirectories thereof. However, it is important
+    to also remember that there may have been <code>.htaccess</code> files
+    in directories higher up. Directives are applied in the order that they
+    are found. Therefore, a <code>.htaccess</code> file in a particular
+    directory may override directives found in <code>.htaccess</code> files
+    found higher up in the directory tree. And those, in turn, may have
+    overridden directives found yet higher up, or in the main server
+    configuration file itself.</p>
+
+    <p>Example:</p>
+
+    <p>In the directory <code>/www/htdocs/example1</code> we have a
+    <code>.htaccess</code> file containing the following:</p>
+
+    <example>
+       Options +ExecCGI
+    </example>
+
+    <p>(Note: you must have "<code>AllowOverride Options</code>" in effect
+    to permit the use of the "<directive
+    module="core">Options</directive>" directive in
+    <code>.htaccess</code> files.)</p>
+
+    <p>In the directory <code>/www/htdocs/example1/example2</code> we have
+    a <code>.htaccess</code> file containing:</p>
+
+    <example>
+       Options Includes
+    </example>
+
+    <p>Because of this second <code>.htaccess</code> file, in the directory
+    <code>/www/htdocs/example1/example2</code>, CGI execution is not
+    permitted, as only <code>Options Includes</code> is in effect, which
+    completely overrides any earlier setting that may have been in
+    place.</p>
+</section>
+
+<section id="auth"><title>Authentication example</title>
+
+    <p>If you jumped directly to this part of the document to find out how
+    to do authentication, it is important to note one thing. There is a
+    common misconception that you are required to use
+    <code>.htaccess</code> files in order to implement password
+    authentication. This is not the case. Putting authentication directives
+    in a <code>&lt;Directory&gt;</code> section, in your main server
+    configuration file, is the preferred way to implement this, and
+    <code>.htaccess</code> files should be used only if you don't have
+    access to the main server configuration file. See <a 
+    href="#when">above</a> for a discussion of when you should and should
+    not use <code>.htaccess</code> files.</p>
+
+    <p>Having said that, if you still think you need to use a
+    <code>.htaccess</code> file, you may find that a configuration such as
+    what follows may work for you.</p>
+
+    <p>You must have "<code>AllowOverride AuthConfig</code>" in effect for
+    these directives to be honored.</p>
+
+    <p><code>.htaccess</code> file contents:</p>
+
+    <example>
+          AuthType Basic<br />
+           AuthName "Password Required"<br />
+           AuthUserFile /www/passwords/password.file<br />
+           AuthGroupFile /www/passwords/group.file<br />
+           Require Group admins
+    </example>
+
+    <p>Note that <code>AllowOverride AuthConfig</code> must be in effect
+    for these directives to have any effect.</p>
+
+    <p>Please see the <a href="auth.html">authentication tutorial</a> for a
+    more complete discussion of authentication and authorization.</p>
+</section>
+
+<section id="ssi"><title>Server side includes example</title>
+
+    <p>Another common use of <code>.htaccess</code> files is to enable
+    Server Side Includes for a particular directory. This may be done with
+    the following configuration directives, placed in a
+    <code>.htaccess</code> file in the desired directory:</p>
+
+    <example>
+       Options +Includes<br />
+       AddType text/html shtml<br />
+       AddHandler server-parsed shtml
+    </example>
+
+    <p>Note that <code>AllowOverride Options</code> and <code>AllowOverride
+    FileInfo</code> must both be in effect for these directives to have any
+    effect.</p>
+
+    <p>Please see the <a href="ssi.html">SSI tutorial</a> for a more
+    complete discussion of server-side includes.</p>
+</section>
+
+<section id="cgi"><title>CGI example</title>
+
+    <p>Finally, you may wish to use a <code>.htaccess</code> file to permit
+    the execution of CGI programs in a particular directory. This may be
+    implemented with the following configuration:</p>
+
+    <example>
+       Options +ExecCGI<br />
+       AddHandler cgi-script cgi pl
+    </example>
+
+    <p>Alternately, if you wish to have all files in the given directory be
+    considered to be CGI programs, this may be done with the following
+    configuration:</p>
+
+    <example>
+       Options +ExecCGI<br />
+       SetHandler cgi-script
+    </example>
+
+    <p>Note that <code>AllowOverride Options</code> must be in effect for
+    these directives to have any effect.</p>
+
+    <p>Please see the <a href="cgi.html">CGI tutorial</a> for a more
+    complete discussion of CGI programming and configuration.</p>
+
+</section>
+
+<section id="troubleshoot"><title>Troubleshooting</title>
+
+    <p>When you put configuration directives in a <code>.htaccess</code>
+    file, and you don't get the desired effect, there are a number of
+    things that may be going wrong.</p>
+
+    <p>Most commonly, the problem is that <directive
+    module="core">AllowOverride</directive> is not
+    set such that your configuration directives are being honored. Make
+    sure that you don't have a <code>AllowOverride None</code> in effect
+    for the file scope in question. A good test for this is to put garbage
+    in your <code>.htaccess</code> file and reload. If a server error is
+    not generated, then you almost certainly have <code>AllowOverride
+    None</code> in effect.</p>
+
+    <p>If, on the other hand, you are getting server errors when trying to
+    access documents, check your Apache error log. It will likely tell you
+    that the directive used in your .htaccess file is not permitted.
+    Alternately, it may tell you that you had a syntax error, which you
+    will then need to fix.</p>
+
+  </section>
+
+</manualpage>
author	Rich Bowen <rbowen@apache.org>	2002-08-15 15:47:10 +0000
committer	Rich Bowen <rbowen@apache.org>	2002-08-15 15:47:10 +0000
commit	cec5fbaf5b42195c726ba16e61cc3a91a0881177 (patch)
tree	b424f17fb1dcf75137b2bf9ae883823def9271d8 /docs/manual/howto/htaccess.xml
parent	98199c706d924870b944e3672a310a29bb241dee (diff)
download	httpd-cec5fbaf5b42195c726ba16e61cc3a91a0881177.tar.gz