July 22nd, 2013, 09:09 PM
I am using an apache server and directory access is disabled. I would like to allow directory access for one directory only. I go into that directory and I issue the following:
and inside that file I write:
I save the file and try to access the directory from the web browser and I can't.
Rats! What am I doing wrong?
July 22nd, 2013, 10:12 PM
July 23rd, 2013, 12:17 AM
Allow from all
I see. How do I modify this to allow one directory only?
July 23rd, 2013, 01:13 AM
Actually <Directory /> should have AllowOverride None, then <Directory your site> should (since you need it) have AllowOverride Options (or AllowOverride All if you want everything). Then you can use a .htaccess file.
Easiest way to check if you can use a .htaccess file: put random, nonsense junk in it and make sure you get a 500 error when you try to browse your site.
July 23rd, 2013, 07:38 AM
Is this what you recommend?
Originally Posted by requinix
July 23rd, 2013, 12:14 PM
July 23rd, 2013, 02:38 PM
Oy vey. If you already have access to httpd.conf, why are you overriding stuff to use .htaccess? You can directly put that configuration setting in httpd.conf. If anything, enabling .htaccess use slows your webserver performance quite a bit. This is how you should configure httpd.conf
Options FollowSymLinks Indexes
The Options lines will enable indexes on /home/site/public_html/special_directory/ and below only. If you enable .htaccess use in your httpd.conf, every time a request comes in (say to http://yourdomain.com/path/to/file.html), the webserver has to check for .htaccess in /home/site/public_html/path/to, then check for .htaccess in /home/site/public_html/path and then check for .htaccess in /home/site/public_html/ and merge the contents of the various .htaccess files (if they exist) to the final config and then make a decision based on that as to whether it needs to serve the file or not. And this happens on *every* request. Which means multiple file accesses (and possibly reads) for every request to /path/to/file.html.
Now if you have access to httpd.conf and do the configuration there directly and don't enable .htaccess in there, then the config is loaded when the webserver starts up and it doesn't reread the config for every request. Which is why it is a lot more efficient to do it this way.
IMHO .htaccess should only be used if you are using a shared web server with other people (since you don't need to restart the webserver if you change .htaccess). However, if you are using your own webserver, it is much better to disable .htaccess (set AllowOverride to None or don't set it at all (which makes the setting None by default)) and make your changes directly in httpd.conf.
Incidentally, this isn't just my advice, it is the advice given by the folks who write the Apache web server.
Right at the very top of the page, they say:
and a little further down, they say:
'Nuff said .
Comments on this post
Last edited by Scorpions4ever; July 23rd, 2013 at 02:42 PM.
Up the Irons
What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
"Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
Down with Sharon Osbourne
"I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
July 23rd, 2013, 04:09 PM
I do have a access to http.conf file and everyone's input is greatly valued.