The main goal of AllowOverride is for the manager of main configuration files of apache (the one found in
If you are not the administrator of the server, you depend on the
If you are the master apache configuration manager you should always use
By the way in your example you use <Directory> and this will always be wrong, Directory instructions are always containing a path, like <Directory /> or
/etc/apache2/mainly) to decide which part of the configuration may be dynamically altered on a per-path basis by applications.
If you are not the administrator of the server, you depend on the
AllowOverrideLevel that theses admins allows for you. So that they can prevent you to alter some important security settings;
If you are the master apache configuration manager you should always use
AllowOverrideNone and transfer all google_based example you find, based on
.htaccessfiles to Directory sections on the main configuration files. As a
.htaccesscontent for a
.htaccessfile in
/my/path/to/a/directoryis the same as a
<Directory my/path/to/a/directory>instruction, except that the
.htaccessdynamic per-HTTP-request configuration alteration is something slowing down your web server. Always prefer a static configuration without
.htaccesschecks (and you will also avoid security attacks by
.htaccessalterations).
By the way in your example you use <Directory> and this will always be wrong, Directory instructions are always containing a path, like <Directory /> or
<Directory C:>or
<Directory /my/path/to/a/directory>. And of course this cannot be put in a
.htaccessas a
.htaccessis like a Directory instruction but in a file present in this directory. Of course you cannot alter
AllowOverridein a
.htaccessas this instruction is managing the security level of
.htaccessfiles.
No comments:
Post a Comment