Apache server configuration overview (4)

Source: Internet
Author: User
The OptionsFollowSymLinksAllowOverrideNoneApache server can control document access to directories. However, access control can be implemented in two ways. One is to set the file httpd. conf (or access. conf). Another way is to set the access control file under each directory

Options FollowSymLinks AllowOverride None the Apache server can perform document access control for directories. However, access control can be implemented in two ways. One is to set the file httpd. conf (or access. conf). Another method is to set the access control file in each directory.

Options FollowSymLinks

AllowOverride None

Apache ServerYou can control document access to directories. However, you can use

In the httpd. conf file (or access. conf ).

Set the access control file in each directory.

The name is. htaccess. Although both methods can be used to control browser access ConfigurationThe file method requires that the httpd daemon be restarted after each change, which is not flexible. Therefore, it is mainly used Configuration ServerThe system's overall security control policy, while using the. htaccess file under each directory to set access control for a specific directory is more flexible and convenient.

The Directory statement is used to define the access restriction of a Directory. here we can see its standard syntax, which defines the access restriction for a Directory. In the preceding example, this setting is for the root directory of the system. The FollowSymLinks option is set to allow symbolic connections, and use AllowOverride None to indicate that the access control file in this directory is not allowed to change ConfigurationThis also means you do not need to view the corresponding access control files in this directory.

Because Apache's access control settings for a directory can be inherited by the next-level directory

The setting of the root directory affects its sub-directory. Note that due to the setting of AllowOverride None

Apache ServerYou do not need to view the access control file in the root directory or view the following levels

Directory until a directory is specified in httpd. conf (or access. conf ).

Allows Alloworride to view access control files. Because Apache uses the Inheritance Method for directory access control, if you can view the access control file from the root directory, Apache must view the access control file at the first level, this will affect system performance. By default, the root directory feature is disabled, which enables Apache to search down from the specific directory specified in httpd. conf, reducing the search level and increasing system performance. Therefore, setting AllowOverride None in the system root directory is not only helpful to system security, but also beneficial to system performance.

Options Indexes FollowSymLinks

AllowOverride None

Order allow, deny

Allow from all

Here, we define access settings for directories of the system's external publishing documents, and set different AllowOverride options to define ConfigurationThe relationship between the directory settings in the file and the security control file in the user directory, and the Options option is used to define the features of the directory.

   ConfigurationYou can set access restrictions for files and access control files under each directory.

Set by the Administrator, and the access control files under each directory are set by the owner of the directory. Therefore

You can specify whether the directory owner can overwrite the system settings in the setting file. You need to use the AllowOverride parameter to set it. Generally, the value can be set:

The impact of AllowOverride settings on the role of access control files in each directory

All default value, so that the access control file can overwrite the system Configuration

None ServerIgnore Access Control File Settings

Options allows the access control file to use the Options parameter to define the DIRECTORY Options.

FileInfo allows parameters such as AddType in the access control file.

AuthConfig allows access control files to use authentication mechanisms such as AuthName and AuthType for each user, this allows the directory owner to use passwords and user names to protect the directory Limit and restrict the IP addresses and names of clients accessing the directory.

Each directory has certain attributes. You can use Options to control some access feature settings in this directory. The following are common feature Options:

Options settings ServerFeature settings

All directory features are valid, which is the default status

None. All directory features are invalid.

FollowSymLinks allows symbolic connections, which makes it possible for the browser to access documents outside the document root directory (DocumentRoot) SymLinksIfOwnerMatch only when the purpose of the symbolic connection and the symbolic connection itself are owned by the same user, access is allowed. This setting adds security.

ExecCGI allows you to execute the CGI program Indexes in this directory to allow the browser to send a list of files in this directory when no index.html (or other index files) exists in this directory.

In addition, parameters such as Order, Allow, and Deny are used in the preceding example. This is a method used to control access based on the browser domain name and IP address in the Limit statement. Here, Order defines the Order in which Allow and Deny are processed, while Allow and Deny set access control for the name or IP address. In the above example, allowfrom all is used to Allow all clients to access this directory, without any restrictions.

UserDir public_html

When running Apache on a Linux Server ServerAll users on this computer can have their own web path, such as http://example.org.cn /~ User. You can map the user to the user's webpage directory by adding the user name to the Tilde symbol. The ing directory is a sub-directory in the user's home directory. Its name is defined using the UseDir parameter. The default value is public_html. If you do not want to provide webpage services for official users, use DISABLED as the UserDir parameter.


# AllowOverride FileInfo AuthConfig Limit

# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec


# Order allow, deny

# Allow from all



# Order deny, allow

# Deny from all



Here we can see another usage of Directory, that is, you can use a simple pattern matching method to define access control permissions for subdirectories distributed in different directories. In this way, Apache is required. ServerPerform additional processing on each path, thus reducing ServerSo this access restriction is not enabled by default.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.