Book HomeApache: The Definitive GuideSearch this book

5.12. Overrides

We can do more with overrides than speed Apache up. This mechanism allows the webmaster to exert finer control over what is done in .htaccess files. The key directive is AllowOverride.

5.12.1. AllowOverride

AllowOverride override1 override2 ...
Directory

This directive tells Apache which directives in an .htaccess file can override earlier directives. The list of AllowOverride overrides is as follows:

AuthConfig

Allows individual settings of AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, and require

FileInfo

Allows AddType, AddEncoding, and AddLanguage

Indexes

Allows FancyIndexing, AddIcon, AddDescription (see Chapter 7, "Indexing")

Limit

Can limit access based on hostname or IP number

Options

Allows the use of the Options directive (see Chapter 4, "Common Gateway Interface (CGI) ")

All

All of the above

None

None of the above

You might ask: if none switches multiple searches off, which of the above options switches it on? The answer is any of them, or the complete absence of AllowOverride. In other words, it is on by default.

To illustrate how this works, look at .../site.override, which is .../site.htaccess with the authentication directives on the salespeople's directory back in again. We have also, to make a visible difference, commented out:

require group cleaners

and uncommented:

#require valid-user

The Config file is as follows:

User webuser
Group webgroup
ServerName www.butterthlies.com
AccessFilename .myaccess

ServerAdmin sales@butterthlies.com
DocumentRoot /usr/www/site.htaccess/htdocs/customers
ErrorLog /usr/www/site.htaccess/logs/customers/error_log
TransferLog /usr/www/site.htaccess/logs/customers/access_log
ScriptAlias /cgi-bin /usr/www/cgi-bin

<VirtualHost sales.butterthlies.com>
ServerAdmin sales_mgr@butterthlies.com
DocumentRoot /usr/www/site.htaccess/htdocs/salesmen
ServerName sales.butterthlies.com
ErrorLog /usr/www/site.htaccess/logs/salesmen/error_log
TransferLog /usr/www/site.htaccess/logs/salesmen/access_log
ScriptAlias /cgi-bin /usr/www/cgi-bin

<Directory /usr/www/site.htaccess/htdocs/salesmen>
AuthType Basic
AuthName darkness

AuthUserFile /usr/www/ok_users/sales
AuthGroupFile /usr/www/ok_users/groups

require valid-user
#require group cleaners
</Directory>

<Directory /usr/www/cgi-bin>
AuthType Basic
AuthName darkness
AuthUserFile /usr/www/ok_users/sales
AuthGroupFile /usr/www/ok_users/groups
#AuthDBMUserFile /usr/www/ok_dbm/sales
#AuthDBMGroupFile /usr/www/ok_dbm/groups
</Directory>
</VirtualHost>

Access to the salespeople's site is now restricted to bill, ben, sonia, and daphne, and they need to give a password. If you remember, the .myaccess file of .../site.htaccess had the following lines:

require group cleaners
#require valid-user

As things stand in .../site.override, the Config file will prevail and any valid user, such as bill, can get access. If we insert the line:

AllowOverride Authconfig

in the Directory block, httpd.conf allows any valid user access to the salespeople's directory, but .myaccess restricts it further to members of the group cleaners.

As can be seen, AllowOverride makes it possible for individual directories to be precisely tailored. It serves little purpose to give more examples because they all work the same way.



Library Navigation Links

Copyright © 2001 O'Reilly & Associates. All rights reserved.