4. AllowOverride directive and .htaccess, Tutorial
The AllowOverride directive
The AllowOverride directive specifies the allowed content (directives) of an .htaccess file.
Syntax
1 | AllowOverride All | None | groupings of directives |
-
All
= any directive listed below is allowed in .htaccess
None
= the .htaccess file is completely ignored
groupings of directives
= only the directives under that specific grouping are allowed in the .htaccess file
AllowOverride groupings of directives
Below 5 groupings of directives, each containing specific directives and their corresponding module:
- AuthConfig
- FileInfo
- core: AcceptPathInfo, AddDefaultCharset, AddOutputFilterByType, CGIMapExtension, DefaultType, EnableMMAP, EnableSendfile, ErrorDocument, FileETag, ForceType, ScriptInterpreterSource, SetHandler, SetInputFilter, SetOutputFilter
- mod_actions:
- mod_alias:
- mod_charset_lite:
- mod_env:
- mod_headers:
- mod_isapi:
- mod_mime:
- mod_negotiation:
- mod_rewrite:
- mod_setenvif:
- mod_substitute:
- mod_usertrack:
- Indexes
- mod_autoindex:
- DefaultIndexing: HeaderName, ReadmeName, IndexHeadInsert, IndexIgnore, IndexOptions, IndexStyleSheet
- FancyIndexing (if AllowOverride All or AllowOverride Indexes and IndexOptions +FancyIndexing): AddAlt, AddAltByEncoding, AddAltByType, AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, IndexOrderDefault
- mod_cern_meta:
- mod_dir:
- DefaultIndexing: DirectoryIndex, DirectorySlash, FallbackResource
- mod_expires:
- mod_imagemap:
- mod_autoindex:
- Options
- core: ContentDigest, Options
- mod_filter:
- mod_include:
- mod_speling:
- mod_ssl:
- All
- all the above ↑ and the directives below ↓ :
- core: <Files filename> ... </Files>, <FilesMatch regex> ... </FilesMatch>, <IfDefine [!]parameter-name> ... </IfDefine>, <IfModule [!]module-file|module-identifier> ... </IfModule>, <Limit method [method] ... > ... </Limit>, <LimitExcept method [method] ... > ... </LimitExcept>, LimitRequestBody, LimitXMLRequestBody, RLimitCPU, RLimitMEM, RLimitNPROC, ServerSignature
- mod_version:
- mod_include:
- ---
- mod_deflate:
- mod_ldap:
- mod_example:
- mod_include:
- mod_cgid:
AllowOverride directive Examples
Deny all access to the server requires:
1 2 | AllowOverride All or AllowOverride Limit |
1 | LoadModule authz_host_module modules/mod_authz_host.so |
1 2 3 | Deny from all or Order Allow,Deny |
Set index page requires:
1 2 | AllowOverride All or AllowOverride Indexes |
1 | LoadModule dir_module modules/mod_dir.so |
1 | DirectoryIndex index.php index.html x.txt |
Deny access (403) to IE users (SetEnvIf User-Agent), requires:
1 2 | AllowOverride All or AllowOverride Limit FileInfo |
1 2 | LoadModule authz_host_module modules/mod_authz_host.so LoadModule setenvif_module modules/mod_setenvif.so |
1 2 | SetEnvIf User-Agent ".*Trident.*$" noIE Deny from env=noIE |
Video demonstration AllowOverride directive and .htaccess
AllowOverride directive, Tutorial
min | video details |
---|---|
00:00 | AllowOverride directive, .htaccess Tutorial /Apache v2.2 |
00:12 | AllowOverride controls what directives may be placed in .htaccess files. |
00:17 | AllowOverride is located within the httpd.conf file |
00:19 | In a shared hosting you won't be having accessto the httpd.conf file, so in case a valid directive does not work in .htaccess it's probably because it can't be overriden through .htaccess. |
00:26 | There are other reasons why directives don't work in .htaccess, see the conditions that must be met, here |
00:30 | If the AllowOverride is the problem, you may ask your hosting company to allow the override of the directive through .htaccess. |
00:34 | AllowOverride Syntax |
00:37 | AllowOverride All |
00:42 | All = any directive listed below (Order,Allow,Deny including) is allowed in .htaccess |
01:00 | denying everyone's access to the server |
01:06 | htaccess directives honored; server access denied |
01:12 | AllowOverride None |
01:15 | None= the .htaccess file is completely ignored |
01:24 | restarting the server because httpd.conf file modified |
01:35 | htaccess ignored; Order, Allow, Deny not honored; server access allowed |
01:39 | AllowOverride groupings of directives |
01:41 | groupings of directives = only the directives under that specific grouping are allowed in .htaccess |
01:49 | Order, Allow, Deny directives listed under Limit grouping of directives : → AllowOverride All or AllowOverride Limit |
02:05 | directives work; server access denied |
02:09 | Incorrect example: AllowOverride Options instead of Limit → server error |
02:30 | If you want to use the Deny directive together with the SetEnvIf directive in htaccess, then AllowOverride All or AllowOverride Limit FileInfo |
02:38 | groupings of directives space separated |
02:44 | server access denied to all User Agents containing the word "Trident" (IE users) |
03:06 | Firefox browser: server access allowed |
03:23 | IE11 browser: server access denied |
For more information about the apache.org
file, please see the spec: