The point of the definition in apache configurations


I noticed that lots of example apache configuration files (and the one that came with my installation) have a block like:

Options FollowSymLinks
AllowOverride None

But I can't understand or find an explanation of what this is for. I mean, what would the web server be doing in any directory other than the document root?

Best Answer

<Directory /> doesn't actually refer to the document root, it refers to the filesystem root. So creating a <Directory /> block is a way to specify directives that apply to all files and directories anywhere on the server. It basically serves as a default setting.

The idea is, you don't want someone to be able to hack your server by, for example, somehow uploading an .htaccess file, just because you forgot to disable .htaccess files in some directory. So you start by disabling .htaccess files everywhere, then you don't have to worry about it. You can still enable them where you need them with AllowOverride directives for specific directories. Same goes for the Options: one of them is ExecCGI, which allows execution of CGI scripts in a particular directory. Obviously you don't want any random program on your system to be runnable as a CGI script; you want to keep them in a particular directory set up just for that purpose. So leaving ExecCGI out of Options in a <Directory /> block disables CGI execution for the entire filesystem, then you can just enable it for the directories you want it in.

There are some ways in which content can be generated that isn't from a file on the filesystem, though... like mod_status, which dynamically creates a report of what the server is doing. Something like that wouldn't be affected by <Directory /> blocks. So if you have directives that aren't file-specific that you really want to apply to the whole server (everything it serves, that is), you can use <Location />.