The OptionsFollowSymLinksAllowOverrideNoneApache server can control document access to directories. However, access control can be implemented in two ways. one is to set the file httpd. conf (or access. conf). Another method is to set the access control file under each directory.
Options FollowSymLinks
AllowOverride None
The Apache server can control document access to directories. However
In the httpd. conf file (or access. conf ).
Set the access control file in each directory.
The name is. htaccess. Although both methods can be used to control browser access, the configuration file method requires that the httpd daemon be restarted after each change, which is not flexible, therefore, it is mainly used to configure the overall security control policy of the server system and use. it is more flexible and convenient to set access control for specific directories in the htaccess file.
The Directory statement is used to define the access restriction of a Directory. here we can see its standard syntax, which defines the access restriction for a Directory. In the preceding example, this setting is for the root directory of the system. The FollowSymLinks option is set to allow symbolic connections, and use AllowOverride None to indicate that the access control file in this directory is not allowed to change the configuration here, which means that you do not need to view the corresponding access control file in this directory.
Because Apache's access control settings for a directory can be inherited by the next-level Directory
The setting of the root directory affects its sub-directory. Note that due to the setting of AllowOverride None
The Apache server does not need to view the access control file under the root directory, or view the following levels
Directory until a directory is specified in httpd. conf (or access. conf ).
Allows Alloworride to view access control files. Because Apache uses the inheritance method for directory access control, if you can view the access control file from the root directory, Apache must view the access control file at the first level, this will affect system performance. By default, the root directory feature is disabled, which enables Apache to search down from the specific directory specified in httpd. conf, reducing the search level and increasing system performance. Therefore, setting AllowOverride None in the system root directory is not only helpful to system security, but also beneficial to system performance.
Options Indexes FollowSymLinks
AllowOverride None
Order allow, deny
Allow from all
Here, we define access settings for directories in the system's external release documents, and set different AllowOverride options to define the relationship between directory settings in the configuration file and security control files in the user directory, the Options option defines the features of this directory.
You can set access restrictions for the configuration file and the access control file in each directory.
Set by the administrator, and the access control files under each directory are set by the owner of the Directory. therefore
You can specify whether the directory owner can overwrite the system settings in the setting file. you need to use the AllowOverride parameter to set it. Generally, the value can be set:
The impact of AllowOverride settings on the role of access control files in each directory
The default value of All enables the access control file to overwrite the system configuration.
None server ignores access control file settings
Options allows the access control file to use the Options parameter to define the directory Options.
FileInfo allows parameters such as AddType in the access control file.
AuthConfig allows access control files to use authentication mechanisms such as AuthName and AuthType for each user, this allows the directory owner to use passwords and user names to protect the directory Limit and restrict the IP addresses and names of clients accessing the directory.
Each directory has certain attributes. you can use Options to control some access feature settings in this directory. The following are common feature Options:
Options Settings server feature settings
All Directory features are valid, which is the default status
None. all Directory features are invalid.
FollowSymLinks allows symbolic connections, which makes it possible for the browser to access documents outside the document root directory (DocumentRoot) SymLinksIfOwnerMatch only when the purpose of the symbolic connection and the symbolic connection itself are owned by the same user, access is allowed. this setting adds security.
ExecCGI allows you to execute the CGI program Indexes in this directory to allow the browser to send a list of files in this directory when no index.html (or other index files) exists in this directory.
In addition, parameters such as Order, Allow, and Deny are used in the preceding example. this is a method used to control access based on the browser domain name and IP address in the Limit statement. Here, Order defines the Order in which Allow and Deny are processed, while Allow and Deny set access control for the name or IP address. in the above example, allowfrom all is used to Allow all clients to access this directory, without any restrictions.
UserDir public_html
When running Apache on a Linux server, all users on this computer can have their own web path, like http://example.org.cn /~ User. you can map the user to the user's webpage directory by adding the user name to the tilde symbol. The ing directory is a sub-directory in the user's home directory. Its name is defined using the UseDir parameter. the default value is public_html. If you do not want to provide webpage services for official users, use DISABLED as the UserDir parameter.
#
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Order allow, deny
# Allow from all
#
#
# Order deny, allow
# Deny from all
#
#
Here we can see another usage of Directory, that is, you can use a simple pattern matching method to define access control permissions for subdirectories distributed in different directories. In this way, the Apache server needs to perform additional processing on each path, which reduces the server performance. Therefore, this access restriction is not enabled by default.
