Article Title: Apache server configuration overview (4)
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
The Apache server can control document access on a per-directory basis, and this access control can be implemented in two ways. One is to configure it in httpd.conf (or access.conf). The other is to place an access control file in each directory; this file is usually named .htaccess. Both methods control browser access, but the configuration file method requires the httpd daemon to be restarted after each change, which is inflexible. It is therefore mainly used to set the overall security policy of the server, while the .htaccess file is the more flexible and convenient way to set access control for specific directories.
The Directory statement defines the access restrictions for a directory; the example above shows its standard syntax. In that example, the setting applies to the root directory of the system. The FollowSymLinks option allows symbolic links, and AllowOverride None indicates that the access control file in this directory is not allowed to change the configuration given here, which also means the server does not need to look at the access control file in this directory.
Because Apache's access control settings for a directory are inherited by its subdirectories, the setting on the root directory affects everything beneath it. Note that with AllowOverride None set there, the Apache server does not look at access control files in the root directory or in the directories below it until httpd.conf (or access.conf) specifies AllowOverride for a directory to allow access control files to be read. Because Apache applies directory access control by inheritance, if access control files may be read starting from the root directory, Apache must look for an access control file at every level of the path, which affects system performance. By default, this feature is disabled for the root directory, so Apache searches downward only from the specific directories named in httpd.conf, which reduces the number of levels searched and improves performance. Setting AllowOverride None on the system root directory therefore helps both system security and system performance.
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
Here, access settings are defined for the directory that holds the documents the system publishes externally. Different AllowOverride values define the relationship between the directory settings in the configuration file and the access control files in users' directories, and the Options directive defines the features of this directory.
Access restrictions can be set both in the configuration file and in the access control file of each directory. The configuration file is set by the administrator; the access control file in each directory is set by the directory owner. The administrator can therefore specify whether the directory owner may override the settings in the configuration file, and the AllowOverride parameter is used for this. Generally, it can take the following values:

AllowOverride setting: effect on the access control file in each directory
All: the default value; enables the access control file to override the system configuration.
None: the server ignores the settings in the access control file.
Options: allows the access control file to use the Options parameter to define directory options.
FileInfo: allows parameters such as AddType in the access control file.
AuthConfig: allows the access control file to use authentication mechanisms such as AuthName and AuthType for each user, which lets the directory owner protect the directory with user names and passwords.
Limit: allows the access control file to restrict the IP addresses and names of clients accessing the directory.
Each directory has certain attributes. You can use Options to control some of the access features of the directory. The following are common feature options:

Options setting: server feature
All: all directory features are valid; this is the default status.
None: all directory features are invalid.
FollowSymLinks: allows symbolic links, which makes it possible for the browser to access documents outside the document root directory (DocumentRoot).
SymLinksIfOwnerMatch: access is allowed only when the target of the symbolic link and the symbolic link itself are owned by the same user. This setting adds security.
ExecCGI: allows CGI programs in this directory to be executed.
Indexes: allows the server to send the browser a list of the files in this directory when no index.html (or other index file) exists in it.
In addition, parameters such as Order, Allow, and Deny are used in the preceding example. These are the Limit-statement method of controlling access based on the browser's domain name and IP address. Order defines the order in which Allow and Deny are processed, while Allow and Deny set access control for a name or IP address. In the example above, Allow from all is used to allow all clients to access this directory without any restrictions.
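The inheritance rule described above can be checked mechanically. The following added example (not part of the original article and not Apache's own code) parses plain Directory sections, works out where the server has to look for .htaccess files, and flags the Options features discussed above. The sample paths are constructed, and the defaults of All for both directives are the ones this page states.

```python
import re

# Constructed sample configuration; all paths below are assumptions.
SAMPLE_CONF = """
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html/members">
    AllowOverride AuthConfig Limit
</Directory>
"""
SECTION = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def parse_sections(conf):
    """Map each plain (non-wildcard) <Directory> path to its {directive: [args]}."""
    sections = {}
    for path, body in SECTION.findall(conf):
        lines = [l.split() for l in body.splitlines() if l.strip() and not l.strip().startswith("#")]
        sections[path.strip().rstrip("/") or "/"] = {l[0].lower(): l[1:] for l in lines}
    return sections

def ancestors(directory):
    """'/a/b' -> ['/', '/a', '/a/b'], the order in which settings are inherited."""
    parts = [p for p in directory.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def effective(sections, directory, directive, default):
    """Deepest enclosing section that sets the directive wins (no +/- Options merging)."""
    value = default
    for d in ancestors(directory):
        value = sections.get(d, {}).get(directive, value)
    return value

def htaccess_lookups(sections, directory):
    """Directories where the server must look for .htaccess on the way to `directory`."""
    return [d for d in ancestors(directory)
            if [a.lower() for a in effective(sections, d, "allowoverride", ["All"])] != ["none"]]

def audit(sections, directory):
    """Flag the Options features the page describes as widening access."""
    opts = {o.lower() for o in effective(sections, directory, "options", ["All"])}
    findings = []
    if opts & {"indexes", "all"}:
        findings.append("Indexes: file listing sent when no index file exists")
    if opts & {"followsymlinks", "all"}:
        findings.append("FollowSymLinks: links may lead outside DocumentRoot")
    return findings
```

Dropping the root section from the parsed result and calling htaccess_lookups again shows the extra lookups at /, /var and /var/www that AllowOverride None on the root directory avoids.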
UserDir public_html
When running Apache on a Linux server, every user on the computer can have their own web path, such as http://example.org.cn/~User. Prefixing the user name with the tilde symbol maps the request to that user's web page directory. The mapped directory is a subdirectory of the user's home directory, and its name is defined by the UserDir parameter. The default value is public_html. If you do not want to provide web page services for users, use DISABLED as the UserDir parameter.
#
Here we can see another use of Directory: a simple pattern-matching form can define access control permissions for subdirectories that are distributed across different directories. With this form, the Apache server has to perform additional processing on each path, which reduces server performance. This access restriction is therefore not enabled by default.