The OptionsFollowSymLinksAllowOverrideNoneApache server can control document access to directories. However, access control can be implemented in two ways. One is to set the file httpd. conf (or access. conf). Another way is to set the access control file under each directory
Options FollowSymLinks AllowOverride None the Apache server can perform document access control for directories. However, access control can be implemented in two ways. One is to set the file httpd. conf (or access. conf). Another method is to set the access control file in each directory.
You can control document access to directories. However, you can use
In the httpd. conf file (or access. conf ).
Set the access control file in each directory.
The name is. htaccess. Although both methods can be used to control browser access
The file method requires that the httpd daemon be restarted after each change, which is not flexible. Therefore, it is mainly used
The system's overall security control policy, while using the. htaccess file under each directory to set access control for a specific directory is more flexible and convenient.
The Directory statement is used to define the access restriction of a Directory. here we can see its standard syntax, which defines the access restriction for a Directory. In the preceding example, this setting is for the root directory of the system. The FollowSymLinks option is set to allow symbolic connections, and use AllowOverride None to indicate that the access control file in this directory is not allowed to change
This also means you do not need to view the corresponding access control files in this directory.
Because Apache's access control settings for a directory can be inherited by the next-level directory
The setting of the root directory affects its sub-directory. Note that due to the setting of AllowOverride None
You do not need to view the access control file in the root directory or view the following levels
Directory until a directory is specified in httpd. conf (or access. conf ).
Allows Alloworride to view access control files. Because Apache uses the Inheritance Method for directory access control, if you can view the access control file from the root directory, Apache must view the access control file at the first level, this will affect system performance. By default, the root directory feature is disabled, which enables Apache to search down from the specific directory specified in httpd. conf, reducing the search level and increasing system performance. Therefore, setting AllowOverride None in the system root directory is not only helpful to system security, but also beneficial to system performance.
Options Indexes FollowSymLinks
Order allow, deny
Allow from all
Here, we define access settings for directories of the system's external publishing documents, and set different AllowOverride options to define
The relationship between the directory settings in the file and the security control file in the user directory, and the Options option is used to define the features of the directory.
You can set access restrictions for files and access control files under each directory.
Set by the Administrator, and the access control files under each directory are set by the owner of the directory. Therefore
You can specify whether the directory owner can overwrite the system settings in the setting file. You need to use the AllowOverride parameter to set it. Generally, the value can be set:
The impact of AllowOverride settings on the role of access control files in each directory
All default value, so that the access control file can overwrite the system
Ignore Access Control File Settings
Options allows the access control file to use the Options parameter to define the DIRECTORY Options.
FileInfo allows parameters such as AddType in the access control file.
AuthConfig allows access control files to use authentication mechanisms such as AuthName and AuthType for each user, this allows the directory owner to use passwords and user names to protect the directory Limit and restrict the IP addresses and names of clients accessing the directory.
Each directory has certain attributes. You can use Options to control some access feature settings in this directory. The following are common feature Options:
All directory features are valid, which is the default status
None. All directory features are invalid.
FollowSymLinks allows symbolic connections, which makes it possible for the browser to access documents outside the document root directory (DocumentRoot) SymLinksIfOwnerMatch only when the purpose of the symbolic connection and the symbolic connection itself are owned by the same user, access is allowed. This setting adds security.
ExecCGI allows you to execute the CGI program Indexes in this directory to allow the browser to send a list of files in this directory when no index.html (or other index files) exists in this directory.
In addition, parameters such as Order, Allow, and Deny are used in the preceding example. This is a method used to control access based on the browser domain name and IP address in the Limit statement. Here, Order defines the Order in which Allow and Deny are processed, while Allow and Deny set access control for the name or IP address. In the above example, allowfrom all is used to Allow all clients to access this directory, without any restrictions.
When running Apache on a Linux Server
All users on this computer can have their own web path, such as http://example.org.cn /~ User. You can map the user to the user's webpage directory by adding the user name to the Tilde symbol. The ing directory is a sub-directory in the user's home directory. Its name is defined using the UseDir parameter. The default value is public_html. If you do not want to provide webpage services for official users, use DISABLED as the UserDir parameter.
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# Order allow, deny
# Allow from all
# Order deny, allow
# Deny from all
Here we can see another usage of Directory, that is, you can use a simple pattern matching method to define access control permissions for subdirectories distributed in different directories. In this way, Apache is required.
Perform additional processing on each path, thus reducing
So this access restriction is not enabled by default.