You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Andreas Prilop <an...@trashmail.net> on 2008/09/12 16:28:01 UTC

[users@httpd] Default value of AllowOverride

Which is the default value of AllowOverride?

http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
claims that the default is
  AllowOverride All

However, /etc/apache2/sites-available/default contains
  <Directory />
  AllowOverride None
  </Directory>

Does this mean that the default is "none"?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Default value of AllowOverride

Posted by Frank Gingras <fr...@gmail.com>.

Andreas,

No, the documentation is accurate. The purpose of this <Directory> 
block, as included in the stock config files and most packages prepared 
by linux distribution maintainers, is to ensure that the root of your 
filesystem, /, is not accessible from malicious scripts trying to 
exploit your web server.

It should not be altered, or removed.

What you need to do is 'allow' access to the directory where your 
content is, with something like:

<Directory /path/to/my/docroot/>
  Allow from all
  AllowOverride <your list here>
</Directory>

Andreas Prilop wrote:
> Which is the default value of AllowOverride?
>
> http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
> claims that the default is
>   AllowOverride All
>
> However, /etc/apache2/sites-available/default contains
>   <Directory />
>   AllowOverride None
>   </Directory>
>
> Does this mean that the default is "none"?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Default value of AllowOverride

Posted by André Warnier <aw...@ice-sa.com>.

Andreas Prilop wrote:
> Which is the default value of AllowOverride?
> 
> http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
> claims that the default is
>   AllowOverride All
> 
> However, /etc/apache2/sites-available/default contains
>   <Directory />
>   AllowOverride None
>   </Directory>
> 
> Does this mean that the default is "none"?
> 
No.
I don't know the answer to your main question, but the fact that 
/etc/apache2/sites-available/default contains something, only means that 
*for that Virtual Server* (the one defined in that file, and which is 
presumably the one that handles all calls that have no proper "Host" 
header), the value is "None".

Each of your other VirtualHosts has its own value, and if it does not, 
then it uses the value (if any) defined in the "main" section of your 
Apache configuration.
That is whatever directives are *before* the NameVirtualHosts line, in 
the /etc/apache2/apache2.conf file.
Those are the defaults used by all VirtualHosts.

André


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Default value of AllowOverride

Posted by Davide Bianchi <da...@onlyforfun.net>.

Andreas Prilop wrote:
> Which is the default value of AllowOverride?
> 
> http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
> claims that the default is
>   AllowOverride All
> 
> However, /etc/apache2/sites-available/default contains
>   <Directory />
>   AllowOverride None
>   </Directory>
> 
> Does this mean that the default is "none"?

The "default" value of AllowOverride is All, means that if you _do not
have_ such directive the value is 'All'. The value that is _normally_ in
the config file is 'None' for security.

Davide

-- 
"If you do things right, people won't be sure you've done anything at
all." - Futurama

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org