sections.xml revision d8ef5ab04fa7d8c250afe57b3cf834b68be63aa2
fa9e4066f08beec538e775443c5be79dd423fcabahrens<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
fa9e4066f08beec538e775443c5be79dd423fcabahrenshref="configuring.html">configuration files</a> may apply to the
fa9e4066f08beec538e775443c5be79dd423fcabahrensentire server, or they may be restricted to apply only to particular
fa9e4066f08beec538e775443c5be79dd423fcabahrensdirectories, files, hosts, or URLs. This document describes how to
fa9e4066f08beec538e775443c5be79dd423fcabahrensuse configuration section containers or <code>.htaccess</code> files
fa9e4066f08beec538e775443c5be79dd423fcabahrensto change the scope of other configuration directives.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<section id="types"><title>Types of Configuration Section Containers</title>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<modulelist>
fa9e4066f08beec538e775443c5be79dd423fcabahrens</modulelist>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directivelist>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Directory</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">DirectoryMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Files</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">FilesMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">IfDefine</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">IfModule</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Location</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">LocationMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="mod_proxy">Proxy</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="mod_proxy">ProxyMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">VirtualHost</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens</directivelist>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>There are two basic types of containers. Most containers are
fa9e4066f08beec538e775443c5be79dd423fcabahrensevaluated for each request. The enclosed directives are applied only
fa9e4066f08beec538e775443c5be79dd423fcabahrensfor those requests that match the containers. The <directive
fa9e4066f08beec538e775443c5be79dd423fcabahrenstype="section" module="core">IfDefine</directive> and <directive
fa9e4066f08beec538e775443c5be79dd423fcabahrenstype="section" module="core">IfModule</directive> containers, on the
fa9e4066f08beec538e775443c5be79dd423fcabahrensother hand, are evaluated only at server startup and restart. If
fa9e4066f08beec538e775443c5be79dd423fcabahrenstheir conditions are true at startup, then the enclosed directives
fa9e4066f08beec538e775443c5be79dd423fcabahrenswill apply to all requests. If the conditions are not true, the
fa9e4066f08beec538e775443c5be79dd423fcabahrensenclosed directives will be ignored.</p>
b1b8ab34de515a5e83206da22c3d7e563241b021lling<p>The <directive type="section" module="core">IfDefine</directive> directive
fa9e4066f08beec538e775443c5be79dd423fcabahrensencloses directives that will only be applied if an appropriate
fa9e4066f08beec538e775443c5be79dd423fcabahrensparameter is defined on the <code>httpd</code> command line. For example,
fa9e4066f08beec538e775443c5be79dd423fcabahrenswith the following configuration, all requests will be redirected
fa9e4066f08beec538e775443c5be79dd423fcabahrensto another site only if the server is started using
66e2aacc02a4625d105fb249ad16c27e79604ff2gw<IfDefine ClosedForNow><br />
66e2aacc02a4625d105fb249ad16c27e79604ff2gw</IfDefine>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>The <directive type="section" module="core">IfModule</directive>
66e2aacc02a4625d105fb249ad16c27e79604ff2gwdirective is very similar, except it encloses directives that will
fa9e4066f08beec538e775443c5be79dd423fcabahrensonly be applied if a particular module is available in the server.
fa9e4066f08beec538e775443c5be79dd423fcabahrensThe module must either be statically compiled in the server, or it
fa9e4066f08beec538e775443c5be79dd423fcabahrensmust be dynamically compiled and its <directive
fa9e4066f08beec538e775443c5be79dd423fcabahrensmodule="mod_so">LoadModule</directive> line must be earlier in the
fa9e4066f08beec538e775443c5be79dd423fcabahrensconfiguration file. This directive should only be used if you need
fa9e4066f08beec538e775443c5be79dd423fcabahrensyour configuration file to work whether or not certain modules are
fa9e4066f08beec538e775443c5be79dd423fcabahrensinstalled. It should not be used to enclose directives that you want
fa9e4066f08beec538e775443c5be79dd423fcabahrensto work all the time, because it can suppress useful error messages
fa9e4066f08beec538e775443c5be79dd423fcabahrensabout missing modules.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrensmodule="mod_mime_magic">MimeMagicFiles</directive> directive will be
fa9e4066f08beec538e775443c5be79dd423fcabahrensapplied only if <module>mod_mime_magic</module> is available.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens</IfModule>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>Both <directive type="section" module="core">IfDefine</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrensand <directive type="section" module="core">IfModule</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrenscan apply negative conditions by preceding their test with "!".
fa9e4066f08beec538e775443c5be79dd423fcabahrensAlso, these sections can be nested to achieve more complex
fa9e4066f08beec538e775443c5be79dd423fcabahrensrestrictions.</p>
66e2aacc02a4625d105fb249ad16c27e79604ff2gw<section id="file-and-web"><title>Filesystem and Webspace</title>
e9dbad6f263d5570ed7ff5443ec5b958af8c24d7eschrock<p>The most commonly used configuration section containers are the
66e2aacc02a4625d105fb249ad16c27e79604ff2gwones that change the configuration of particular places in the
66e2aacc02a4625d105fb249ad16c27e79604ff2gwfilesystem or webspace. First, it is important to understand the
7b55fa8ea6046becb3b72f8886a503979c322084ckdifference between the two. The filesystem is the view of your disks
d0ad202d2eff2cc0c70ee550686a703ddda7106cahrensas seen by your operating system. For example, in a default install,
b1b8ab34de515a5e83206da22c3d7e563241b021llingApache resides at <code>/usr/local/apache2</code> in the Unix
b1b8ab34de515a5e83206da22c3d7e563241b021llingfilesystem or <code>"c:/Program Files/Apache Group/Apache2"</code> in
fa9e4066f08beec538e775443c5be79dd423fcabahrensthe Windows filesystem. (Note that forward slashes should always be
fa9e4066f08beec538e775443c5be79dd423fcabahrensused as the path separator in Apache, even for Windows.) In contrast,
b1b8ab34de515a5e83206da22c3d7e563241b021llingthe webspace is the view of your site as delivered by the web server
b1b8ab34de515a5e83206da22c3d7e563241b021llingand seen by the client. So the path <code>/dir/</code> in the
7f7322febbcfe774b7270abc3b191c094bfcc517eschrockwebspace corresponds to the path
7f7322febbcfe774b7270abc3b191c094bfcc517eschrock<code>/usr/local/apache2/htdocs/dir/</code> in the filesystem of a
7f7322febbcfe774b7270abc3b191c094bfcc517eschrockdefault Apache install on Unix. The webspace need not map directly to
b1b8ab34de515a5e83206da22c3d7e563241b021llingthe filesystem, since webpages may be generated dynamically
b1b8ab34de515a5e83206da22c3d7e563241b021llingfrom databases or other locations.</p>
b1b8ab34de515a5e83206da22c3d7e563241b021lling<section id="filesystem"><title>Filesystem Containers</title>
b1b8ab34de515a5e83206da22c3d7e563241b021lling<p>The <directive type="section" module="core">Directory</directive>
b1b8ab34de515a5e83206da22c3d7e563241b021llingand <directive type="section" module="core">Files</directive>
b1b8ab34de515a5e83206da22c3d7e563241b021llingdirectives, along with their regex counterparts, apply directives to
b1b8ab34de515a5e83206da22c3d7e563241b021llingparts of the filesystem. Directives enclosed in a <directive
b1b8ab34de515a5e83206da22c3d7e563241b021llingtype="section" module="core">Directory</directive> section apply to
fa9e4066f08beec538e775443c5be79dd423fcabahrensthe named filesystem directory and all subdirectories of that
fa9e4066f08beec538e775443c5be79dd423fcabahrensdirectory. The same effect can be obtained using <a
fa9e4066f08beec538e775443c5be79dd423fcabahrenshref="howto/htaccess.html">.htaccess files</a>. For example, in the
fa9e4066f08beec538e775443c5be79dd423fcabahrensfollowing configuration, directory indexes will be enabled for the
b1b8ab34de515a5e83206da22c3d7e563241b021lling<code>/var/web/dir1</code> directory and all subdirectories.</p>
e9dbad6f263d5570ed7ff5443ec5b958af8c24d7eschrockOptions +Indexes<br />
b1b8ab34de515a5e83206da22c3d7e563241b021lling</Directory>
acd76fe5a01cfab51c34c67df884b68562a97f3feschrock<p>Directives enclosed in a <directive type="section"
acd76fe5a01cfab51c34c67df884b68562a97f3feschrockmodule="core">Files</directive> section apply to any file with
99653d4ee642c6528e88224f12409a5f23060994eschrockthe specified name, regardless of what directory it lies in.
66e2aacc02a4625d105fb249ad16c27e79604ff2gwSo for example, the following configuration directives will,
66e2aacc02a4625d105fb249ad16c27e79604ff2gwwhen placed in the main section of the configuration file,
66e2aacc02a4625d105fb249ad16c27e79604ff2gwdeny access to any file named <code>private.html</code> regardless
66e2aacc02a4625d105fb249ad16c27e79604ff2gwof where it is found.</p>
66e2aacc02a4625d105fb249ad16c27e79604ff2gwOrder allow,deny<br />
eaca9bbd5f5d1e4e554da4c7108e8a03c8c33481eschrockDeny from all<br />
99653d4ee642c6528e88224f12409a5f23060994eschrock</Files>
44cd46cadd9aab751dae6a4023c1cb5bf316d274billm<p>To address files found in a particular part of the filesystem, the
99653d4ee642c6528e88224f12409a5f23060994eschrock<directive type="section" module="core">Files</directive> and
d7306b64c847d897abb9ece8624fca9cf28d358fek<directive type="section" module="core">Directory</directive> sections
c9431fa1e59a88c2f0abf611f25b97af964449e5ahlcan be combined. For example, the following configuration will deny
b1b8ab34de515a5e83206da22c3d7e563241b021lling<code>/var/web/dir1/subdir3/private.html</code>, and any other instance
b1b8ab34de515a5e83206da22c3d7e563241b021llingof <code>private.html</code> found under the <code>/var/web/dir1/</code>
b1b8ab34de515a5e83206da22c3d7e563241b021llingdirectory.</p>
44cd46cadd9aab751dae6a4023c1cb5bf316d274billmOrder allow,deny<br />
44cd46cadd9aab751dae6a4023c1cb5bf316d274billmDeny from all<br />
44cd46cadd9aab751dae6a4023c1cb5bf316d274billm</Files><br />
44cd46cadd9aab751dae6a4023c1cb5bf316d274billm</Directory>
44cd46cadd9aab751dae6a4023c1cb5bf316d274billm<section id="webspace"><title>Webspace Containers</title>
44cd46cadd9aab751dae6a4023c1cb5bf316d274billm<p>The <directive type="section" module="core">Location</directive>
44cd46cadd9aab751dae6a4023c1cb5bf316d274billmdirective and its regex counterpart, on the other hand, change the
44cd46cadd9aab751dae6a4023c1cb5bf316d274billmconfiguration for content in the webspace. For example, the following
44cd46cadd9aab751dae6a4023c1cb5bf316d274billmconfiguration prevents access to any URL-path that begins in /private.
99653d4ee642c6528e88224f12409a5f23060994eschrockIn particular, it will apply to requests for
99653d4ee642c6528e88224f12409a5f23060994eschrock<code>http://yoursite.example.com/private123</code>, and
99653d4ee642c6528e88224f12409a5f23060994eschrock<code>http://yoursite.example.com/private/dir/file.html</code> as well
99653d4ee642c6528e88224f12409a5f23060994eschrockas any other requests starting with the <code>/private</code> string.</p>
b1b8ab34de515a5e83206da22c3d7e563241b021lling<Location /private><br />
eaca9bbd5f5d1e4e554da4c7108e8a03c8c33481eschrockOrder Allow,Deny<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensDeny from all<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrens</Location>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>The <directive type="section" module="core">Location</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrensdirective need not have anything to do with the filesystem.
fa9e4066f08beec538e775443c5be79dd423fcabahrensFor example, the following example shows how to map a particular
fa9e4066f08beec538e775443c5be79dd423fcabahrensURL to an internal Apache handler provided by <module>mod_status</module>.
fa9e4066f08beec538e775443c5be79dd423fcabahrensNo file called <code>server-status</code> needs to exist in the
fa9e4066f08beec538e775443c5be79dd423fcabahrensfilesystem.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<Location /server-status><br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensSetHandler server-status<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrens</Location>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<section id="wildcards"><title>Wildcards and Regular Expressions</title>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>The <directive type="section" module="core">Directory</directive>,
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Files</directive>, and
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Location</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrensdirectives can each use shell-style wildcard characters as in
afefbcddfd8caf5f3b2da510d9439471ab225040eschrock<code>fnmatch</code> from the C standard library. The character "*"
441d80aa4f613b6298fc8bd3151f4be02dbf84fcllingmatches any sequence of characters, "?" matches any single character,
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrockand "[<em>seq</em>]" matches any character in <em>seq</em>. The "/"
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrockcharacter will not be matched by any wildcard; it must be specified
99653d4ee642c6528e88224f12409a5f23060994eschrockexplicitly.</p>
99653d4ee642c6528e88224f12409a5f23060994eschrock<p>If even more flexible matching is required, each
95173954d2b811ceb583a9012c3b16e1d0dd6438ekcontainer has a regular-expression (regex) counterpart <directive
95173954d2b811ceb583a9012c3b16e1d0dd6438ektype="section" module="core">DirectoryMatch</directive>, <directive
95173954d2b811ceb583a9012c3b16e1d0dd6438ektype="section" module="core">FilesMatch</directive>, and <directive
fa9e4066f08beec538e775443c5be79dd423fcabahrenstype="section" module="core">LocationMatch</directive> that allow
fa9e4066f08beec538e775443c5be79dd423fcabahrensperl-compatible
fa9e4066f08beec538e775443c5be79dd423fcabahrensto be used in choosing the matches. But see the section below on
fa9e4066f08beec538e775443c5be79dd423fcabahrensconfiguration merging to find out how using regex sections will change
fa9e4066f08beec538e775443c5be79dd423fcabahrenshow directives are applied.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>A non-regex wildcard section that changes the configuration of
99653d4ee642c6528e88224f12409a5f23060994eschrockall user directories could look as follows:</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<Directory /home/*/public_html><br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensOptions Indexes<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrens</Directory>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>Using regex sections, we can deny access to many types of image files
fa9e4066f08beec538e775443c5be79dd423fcabahrensat once:</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<FilesMatch \.(?i:gif|jpe?g|png)$><br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensOrder allow,deny<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensDeny from all<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrens</FilesMatch>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<section id="whichwhen"><title>What to use When</title>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>Choosing between filesystem containers and webspace containers is
fa9e4066f08beec538e775443c5be79dd423fcabahrensactually quite easy. When applying directives to objects that reside
fa9e4066f08beec538e775443c5be79dd423fcabahrensin the filesystem always use <directive type="section"
fa9e4066f08beec538e775443c5be79dd423fcabahrensmodule="core">Directory</directive> or <directive type="section"
fa9e4066f08beec538e775443c5be79dd423fcabahrensmodule="core">Files</directive>. When applying directives to objects
fa9e4066f08beec538e775443c5be79dd423fcabahrensthat do not reside in the filesystem (such as a webpage generated from
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>It is important to never use <directive type="section"
fa9e4066f08beec538e775443c5be79dd423fcabahrensmodule="core">Location</directive> when trying to restrict
fa9e4066f08beec538e775443c5be79dd423fcabahrensaccess to objects in the filesystem. This is because many
fa9e4066f08beec538e775443c5be79dd423fcabahrensdifferent webspace locations (URLs) could map to the same filesystem
fa9e4066f08beec538e775443c5be79dd423fcabahrenslocation, allowing your restrictions to be circumvented.
fa9e4066f08beec538e775443c5be79dd423fcabahrensFor example, consider the following configuration:</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<Location /dir/><br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensOrder allow,deny<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensDeny from all<br />
eaca9bbd5f5d1e4e554da4c7108e8a03c8c33481eschrock</Location>
99653d4ee642c6528e88224f12409a5f23060994eschrock<p>This works fine if the request is for
fa9e4066f08beec538e775443c5be79dd423fcabahrens<code>http://yoursite.example.com/dir/</code>. But what if you are on
fa9e4066f08beec538e775443c5be79dd423fcabahrensa case-insensitive filesystem? Then your restriction could be easily
fa9e4066f08beec538e775443c5be79dd423fcabahrenscircumvented by requesting
46a2abf27af40eda17a3f97e79eda1aef4e3c3c8eschrock<code>http://yoursite.example.com/DIR/</code>. The <directive
99653d4ee642c6528e88224f12409a5f23060994eschrocktype="section" module="core">Directory</directive> directive, in
46a2abf27af40eda17a3f97e79eda1aef4e3c3c8eschrockcontrast, will apply to any content served from that location,
fa9e4066f08beec538e775443c5be79dd423fcabahrensregardless of how it is called. (An exception is filesystem links.
fa9e4066f08beec538e775443c5be79dd423fcabahrensThe same directory can be placed in more than one part of the
fa9e4066f08beec538e775443c5be79dd423fcabahrensfilesystem using symbolic links. The <directive type="section"
fa9e4066f08beec538e775443c5be79dd423fcabahrensmodule="core">Directory</directive> directive will follow the symbolic
fa9e4066f08beec538e775443c5be79dd423fcabahrenslink without resetting the pathname. Therefore, for the highest level
99653d4ee642c6528e88224f12409a5f23060994eschrockof security, symbolic links should be disabled with the appropriate
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive module="core">Options</directive> directive.)</p>
46a2abf27af40eda17a3f97e79eda1aef4e3c3c8eschrock<p>If you are, perhaps, thinking that none of this applies to you
fa9e4066f08beec538e775443c5be79dd423fcabahrensbecause you use a case-sensitive filesystem, remember that there are
fa9e4066f08beec538e775443c5be79dd423fcabahrensmany other ways to map multiple webspace locations to the same
fa9e4066f08beec538e775443c5be79dd423fcabahrensfilesystem location. Therefore you should always use the filesystem
fa9e4066f08beec538e775443c5be79dd423fcabahrenscontainers when you can. There is, however, one exception to this
fa9e4066f08beec538e775443c5be79dd423fcabahrensrule. Putting configuration restrictions in a <code><Location
fa9e4066f08beec538e775443c5be79dd423fcabahrens/></code> section is perfectly safe because this section will apply
fa9e4066f08beec538e775443c5be79dd423fcabahrensto all requests regardless of the specific URL.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<section id="virtualhost"><title>Virtual Hosts</title>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>The <directive type="section" module="core">VirtualHost</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrenscontainer encloses directives that apply to specific hosts.
fa9e4066f08beec538e775443c5be79dd423fcabahrensThis is useful when serving multiple hosts from the same machine
fa9e4066f08beec538e775443c5be79dd423fcabahrenswith a different configuration for each. For more information,
fa9e4066f08beec538e775443c5be79dd423fcabahrenssee the <a href="vhosts/">Virtual Host Documentation</a>.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>The <directive type="section" module="mod_proxy">Proxy</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrensand <directive type="section" module="mod_proxy">ProxyMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrenscontainers apply enclosed configuration directives only
fa9e4066f08beec538e775443c5be79dd423fcabahrensto sites accessed through <module>mod_proxy</module>'s proxy server
fa9e4066f08beec538e775443c5be79dd423fcabahrensthat match the specified URL. For example, the following configuration
fa9e4066f08beec538e775443c5be79dd423fcabahrenswill prevent the proxy server from being used to access the
fa9e4066f08beec538e775443c5be79dd423fcabahrensOrder allow,deny<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrensDeny from all<br />
fa9e4066f08beec538e775443c5be79dd423fcabahrens</Proxy>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<section id="whatwhere"><title>What Directives are Allowed?</title>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>To find out what directives are allowed in what types of
fa9e4066f08beec538e775443c5be79dd423fcabahrensconfiguration sections, check the <a
fa9e4066f08beec538e775443c5be79dd423fcabahrenshref="mod/directive-dict.html#Context">Context</a> of the directive.
fa9e4066f08beec538e775443c5be79dd423fcabahrensEverything that is allowed in
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Directory</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrenssections is also syntactically allowed in
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">DirectoryMatch</directive>,
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Files</directive>,
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">FilesMatch</directive>,
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">Location</directive>,
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="core">LocationMatch</directive>,
fa9e4066f08beec538e775443c5be79dd423fcabahrens<directive type="section" module="mod_proxy">Proxy</directive>,
fa9e4066f08beec538e775443c5be79dd423fcabahrensand <directive type="section" module="mod_proxy">ProxyMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrenssections. There are some exceptions, however:</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<li>The <directive module="core">AllowOverride</directive> directive
fa9e4066f08beec538e775443c5be79dd423fcabahrensworks only in <directive type="section" module="core">Directory</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrenssections.</li>
fa9e4066f08beec538e775443c5be79dd423fcabahrensmodule="core">Options</directive> work only in <directive
fa9e4066f08beec538e775443c5be79dd423fcabahrenstype="section" module="core">Directory</directive> sections or
fa9e4066f08beec538e775443c5be79dd423fcabahrens<li>The <directive module="core">Options</directive> directive cannot
fa9e4066f08beec538e775443c5be79dd423fcabahrensbe used in <directive type="section" module="core">Files</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrensand <directive type="section" module="core">FilesMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrenssections.</li>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<section id="mergin"><title>How the sections are merged</title>
fa9e4066f08beec538e775443c5be79dd423fcabahrens<p>The configuration sections are applied in a very particular order.
fa9e4066f08beec538e775443c5be79dd423fcabahrensSince this can have important effects on how configuration directives
fa9e4066f08beec538e775443c5be79dd423fcabahrensare interpreted, it is important to understand how this works.</p>
fa9e4066f08beec538e775443c5be79dd423fcabahrens module="core">Directory</directive> (except regular expressions)
eaca9bbd5f5d1e4e554da4c7108e8a03c8c33481eschrock <directive type="section" module="core">Directory</directive>)</li>
06eeb2ad640ce72d394ac521094bed7681044408ek <li><directive type="section" module="core">DirectoryMatch</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens type="section" module="core">FilesMatch</directive> done
fa9e4066f08beec538e775443c5be79dd423fcabahrens simultaneously</li>
fa9e4066f08beec538e775443c5be79dd423fcabahrens <li><directive type="section" module="core">Location</directive>
fa9e4066f08beec538e775443c5be79dd423fcabahrens module="core">LocationMatch</directive> done simultaneously</li>
fa9e4066f08beec538e775443c5be79dd423fcabahrens module="core">Directory</directive>, each group is processed in
fa9e4066f08beec538e775443c5be79dd423fcabahrens the order that they appear in the configuration files. <directive
fa9e4066f08beec538e775443c5be79dd423fcabahrens type="section" module="core">Directory</directive> (group 1 above)
fa9e4066f08beec538e775443c5be79dd423fcabahrens is processed in the order shortest directory component to longest.
fa9e4066f08beec538e775443c5be79dd423fcabahrens So for example, <code><Directory /var/web/dir></code> will
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock be processed before <code><Directory
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock /var/web/dir/subdir></code>. If multiple <directive
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock type="section" module="core">Directory</directive> sections apply
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock to the same directory they are processed in the configuration file
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock order. Configurations included via the <directive
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock module="core">Include</directive> directive will be treated as if
1d452cf5123cb6ac0a013a4dbd4dcceeb0da314dahrens they were inside the including file at the location of the
1d452cf5123cb6ac0a013a4dbd4dcceeb0da314dahrens <directive module="core">Include</directive> directive.</p>
b1b8ab34de515a5e83206da22c3d7e563241b021lling are applied <em>after</em> the corresponding sections outside
b1b8ab34de515a5e83206da22c3d7e563241b021lling the virtual host definition. This allows virtual hosts to
fa9e4066f08beec538e775443c5be79dd423fcabahrens override the main server configuration.</p>
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock <p>When the request is served by <module>mod_proxy</module>, the
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock <directive module="mod_proxy" type="section">Proxy</directive>
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock container takes the place of the <directive module="core"
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock type="section">Directory</directive> container in the processing
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock There is actually a
e9dbad6f263d5570ed7ff5443ec5b958af8c24d7eschrock <code><Location></code>/<code><LocationMatch></code>
e9dbad6f263d5570ed7ff5443ec5b958af8c24d7eschrock sequence performed just before the name translation phase
e9dbad6f263d5570ed7ff5443ec5b958af8c24d7eschrock (where <code>Aliases</code> and <code>DocumentRoots</code>
55434c770c89aa1b84474f2559a106803511aba0ek are used to map URLs to filenames). The results of this
e9dbad6f263d5570ed7ff5443ec5b958af8c24d7eschrock sequence are completely thrown away after the translation has
06eeb2ad640ce72d394ac521094bed7681044408ek<p>Below is an artificial example to show the order of
06eeb2ad640ce72d394ac521094bed7681044408ekmerging. Assuming they all apply to the request, the directives in
06eeb2ad640ce72d394ac521094bed7681044408ekthis example will be applied in the order A > B > C > D >
06eeb2ad640ce72d394ac521094bed7681044408ek<Location /><br />
fa9e4066f08beec538e775443c5be79dd423fcabahrens</Location><br />