Apache Configuration

Configuring Apache and what the different files and entries are
Originally Apache used three configuration files, access.conf, httpd.conf, and srm.conf
The access.conf file contained all the access settings to the directories for apache
The httpd.conf contained all the server related information and host information and
The srm.conf file contained all the server resources and module information.
Apache now uses just one configuration file, httpd.conf.
I will denote where the information was contained in the old system while covering the entries in case you have a three file configuration
<Directory> </Directory> tag

Inside these tags you define the security measures within in the defined directory (and its sub directories). This will include all subdirectories of the defined directory unless the sub directory is defined in another <Directory> tag.

You will find in the default access.conf file that the first definition is <Directory /> This applies to the root directory (associated with Apache, not necessary the / directory of the system, defined later).

Here the default defines Options None and AllowOverride None. Lets define the functions of Options and AllowOverride.

Here you define what can and can't happen in the defined directory. The Options are:
  1. None
    • Will not allow any special function in the directory
  2. All
    • Will allow all special functions in the directory
  3. Indexes
    • If a URL which maps to a directory is requested, and the there is no DirectoryIndex (e.g., index.html) in that directory, then the server will return a formatted listing of the directory.
  4. Includes
    • Server-side includes are permitted.
  5. IncludesNOEXEC
    • Server-side includes are permitted, but the #exec command and #include of CGI scripts are disabled.
  6. FollowSymLinks
    • The server will follow symbolic links in this directory.
    • Note: even though the server follows the symlink it does not change the pathname used to match against <Directory> sections.
    • Note: this option gets ignored if set inside a <Location> section.
  7. ExecCGI
    • Execution of CGI scripts is permitted.
  8. MultiViews
    • Content negotiated MultiViews are allowed. (Advanced Feature, not covered in this documentation yet
  9. SymLinksIfOwnerMatch
    • The server will only follow symbolic links for which the target file or directory is owned by the same user id as the link.
    • Note: this option gets ignored if set inside a <Location> section.
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Override can be set to None, in which case the server will not read the file, All in which case the server will allow all the directives, or one or more of the following:
  1. AuthConfig
    • Allow use of the authorization directives (AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, require, etc.)
  2. FileInfo
    • Allow use of the directives controlling document types (AddEncoding, AddLanguage, AddType, DefaultType, ErrorDocument, LanguagePriority, etc.)
  3. Indexes
    • Allow use of the directives controlling directory indexing (AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc.)
  4. Limit
    • Allow use of the directives controlling host access (allow, deny and order)
  5. Options
    • Allow use of the directives controlling specific directory features
The next section of the access.conf file contains the <Directory /home/httpd/html> section (or something similar). Here we define the capabilities of the /home/httpd/html directory and its sub directories (usually the DocumentRoot for the webserver). You will notice in the first example, <Directory />, none of the options where turned on and no override was allowed. This is to secure the areas normally outside the Apache working area in case someone attempts to use their ability to access their web area to access other, more sensitive, areas of the hard drive. In this example you see that Options is set to Indexes, Includes, and FollowSymlinks to allow indexing of web directories, the use of the #include tag in html documents, and the use of symbolic links in web accessable directories. The AllowOverride is set to none so that alteration of this defination can not be made with an .htaccess file. This is set rather tight and can be changed by you, this is a security issue that you need to address and will depend on who has access to create web pages on your machine and how much you trust them.
Next Page

Created by Red Dragon for Red Dragon Enterprises™.
Red Dragon Enterprises™ © Dec 2001. All rights reserved.