This directive tells Apache which directives in an .htaccess file can override earlier directives.
AllowOverride override1 override2 ...
Directory
The list of
AllowOverride overrides is as follows:
AuthConfig
Allows individual settings of AuthDBMGroupFile,
AuthDBMUserFile, AuthGroupFile,
AuthName, AuthType,
AuthUserFile, and require
FileInfo
Allows AddType, AddEncoding,
AddLanguage, AddCharset,
AddHandler, RemoveHandler,
LanguagePriority,
ErrorDocument, DefaultType,
Action, Redirect,
RedirectMatch, RedirectTemp,
RedirectPermanent, PassEnv,
SetEnv, UnsetEnv,
Header, RewriteEnging,
RewriteOptions, RewriteBase,
RewriteCond, RewriteRule,
CookieTracking, and Cookiename
Indexes
Allows FancyIndexing, AddIcon,
AddDescription (see Chapter 7)
Limit
Can limit access based on hostname or IP number
Options
Allows the use of the Options directive (see Chapter 13)
All
All of the previous
None
None of the previous
You might ask: if none switches multiple searches
off, which of these options switches it on? The answer is any of
them, or the complete absence of AllowOverride. In
other words, it is on by default.
To illustrate how this works, look at
.../site.htaccess/httpd3.conf, which is
httpd2.conf with the authentication directives
on the salespeople’s directory back in
again. The Config filewants cleaners; the
.
myaccess file wants
directors. If we now put the authorization
directives, favoring cleaners, back into the
Config file:
User webuser Group webgroup ServerName www.butterthlies.com AccessFileName .myaccess ServerAdmin sales@butterthlies.com DocumentRoot /usr/www/APACHE3/site.htaccess/htdocs/salesmen ErrorLog /usr/www/APACHE3/site.htaccess/logs/error_log TransferLog /usr/www/APACHE3/site.htaccess/logs/access_log ServerName sales.butterthlies.com #AllowOverride None AuthType Basic AuthName darkness AuthUserFile /usr/www/APACHE3/ok_users/sales AuthGroupFile /usr/www/APACHE3/ok_users/groups require group cleaners
and restart Apache, we find that we have to be a director (Bill or Ben). But, if we edit the Config file and uncomment the line:
... AllowOverride None ...
we find that we have turned off the .htaccess
method and that cleaners are back in fashion. In
real life, the webmaster might impose a general policy of access
control with this:
.. AllowOverride AuthConfig ... require valid-user ...
The owners of the various pages could then limit their visitors further with this:
require group directors
See .../site.htaccess/httpd4.conf. As can be
seen, AllowOverride makes it possible for
individual directories to be precisely tailored.