for NetWare hosts and mpm_winnt for Windows NT platforms. An MPM named perchild, which provides user ID assignment to selected daemon processes, is under development. For more information, browse to the Apache Software Foundation's home page athttp://www.apache.org/.
Using .htaccess Configuration Files
Apache also supports special configuration files, known as .htaccess files. Almost any directive that appears in httpd.conf can appear in an .htaccess file. This file, specified in the AccessFileName directive in httpd.conf (or srm.conf prior to version 1.3.4) sets configurations on a per-directory (usually in a user directory) basis. As the system administrator, you can specify both the name of this file and which of the server configurations can be overridden by the contents of this file. This is especially useful for sites in which there are multiple content providers and you want to control what these people can do with their spaces.
To limit which server configurations the .htaccess files can override, use the AllowOverride directive. AllowOverride can be set globally or per directory. For example, in your httpd.conf file, you could use the following:
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, it's best to configure the 'default' to be a very restrictive set of
# permissions.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
Options Directives
To configure which configuration options are available to Apache by default, you must use the Options directive. Options can be None; All; or any combination of Indexes, Includes, FollowSymLinks, ExecCGI, and MultiViews. MultiViews isn't included in All and must be specified explicitly. These options are explained in Table 17.2.
TABLE 17.2 Switches Used by the Options Directive
| Switch | Description |
|---|---|
None | None of the available options are enabled for this directory. |
All | All the available options, except for MultiViews, are enabled for this directory. |
Indexes | In the absence of an index.html file or another DirectoryIndex file, a listing of the files in the directory is generated as an HTML page for display to the user. |
Includes | Server-side includes (SSIs) are permitted in this directory. This can also be written as IncludesNoExec if you want to allow includes but don't want to allow the exec option in them. For security reasons, this is usually a good idea in directories over which you don't have complete control, such as UserDir directories. |
FollowSymLinks | Allows access to directories that are symbolically linked to a document directory. You should never set this globally for the whole server and only rarely for individual directories. This option is a potential security risk because it allows web users to escape from the document directory and could potentially allow them access to portions of your file system where you really don't want people poking around. |
ExecCGI | CGI programs are permitted in this directory, even if it isn't a directory defined in the ScriptAlias directive. |
MultiViews | This is part of the mod_negotiation module. When a client requests a document that can't be found, the server tries to figure out which document best suits the client's requirements. See http://localhost/manuals/mod/_mod_negotiation.html for your local copy of the Apache documentation. |
These directives also affect all subdirectories of the specified directory.
AllowOverrides DirectivesThe AllowOverrides directives specify which configuration options .htaccess files can override. You can set this directive individually for each directory. For example, you can have different standards about what can be overridden in the main document root and in UserDir directories. This capability is particularly useful for user directories, where the user doesn't have access to the main server configuration files.
