W3cubDocs

/Apache HTTP Server

Override Class Index for .htaccess

This is an index of the directives that are allowed in .htaccess files for various AllowOverride settings, organized by class. Its intended purpose is to help server administrators verify the privileges they're granting to .htaccess users. For an overview of how .htaccess works, see the .htaccess tutorial.

To determine the set of directives that your server configuration allows .htaccess users to use:

  1. Start with the set of directives in the AllowOverrideList for the directory in question. (By default, this is set to None.)
  2. Find the AllowOverride setting for the directory in question. (By default, it is set to None.) There are two special cases:
    1. If your AllowOverride setting is All, add every directive listed on this page to the list.
    2. If your AllowOverride setting is None, you're done. Only the directives in the AllowOverrideList (if any) will be allowed.
  3. For each override class listed in AllowOverride, look up the corresponding set of directives below and add them to the list.
  4. Finally, add the set of directives that is always allowed in .htaccess (these are listed in the All section, below).

Several of the override classes are quite powerful and give .htaccess users a large amount of control over the server. For a stricter approach, set AllowOverride None and use AllowOverrideList to specify the exact list of directives that .htaccess users are allowed to use.

All

The following directives are allowed in any .htaccess file, as long as overrides are enabled in the server configuration.

<Else> core
Contains directives that apply only if the condition of a previous <If> or <ElseIf> section is not satisfied by a request at runtime
<ElseIf> core
Contains directives that apply only if a condition is satisfied by a request at runtime while the condition of a previous <If> or <ElseIf> section is not satisfied
<Files> core
Contains directives that apply to matched filenames
<FilesMatch> core
Contains directives that apply to regular-expression matched filenames
<If> core
Contains directives that apply only if a condition is satisfied by a request at runtime
<IfDefine> core
Encloses directives that will be processed only if a test is true at startup
<IfModule> core
Encloses directives that are processed conditional on the presence or absence of a specific module
<IfVersion> mod_version
contains version dependent configuration
LimitRequestBody core
Restricts the total size of the HTTP request body sent from the client
LimitXMLRequestBody core
Limits the size of an XML-based request body
LuaCodeCache mod_lua
Configure the compiled code cache.
LuaHookAccessChecker mod_lua
Provide a hook for the access_checker phase of request processing
LuaHookAuthChecker mod_lua
Provide a hook for the auth_checker phase of request processing
LuaHookCheckUserID mod_lua
Provide a hook for the check_user_id phase of request processing
LuaHookFixups mod_lua
Provide a hook for the fixups phase of a request processing
LuaHookInsertFilter mod_lua
Provide a hook for the insert_filter phase of request processing
LuaHookLog mod_lua
Provide a hook for the access log phase of a request processing
LuaHookMapToStorage mod_lua
Provide a hook for the map_to_storage phase of request processing
LuaHookTranslateName mod_lua
Provide a hook for the translate name phase of request processing
LuaHookTypeChecker mod_lua
Provide a hook for the type_checker phase of request processing
LuaInherit mod_lua
Controls how parent configuration sections are merged into children
LuaMapHandler mod_lua
Map a path to a lua handler
LuaPackageCPath mod_lua
Add a directory to lua's package.cpath
LuaPackagePath mod_lua
Add a directory to lua's package.path
LuaQuickHandler mod_lua
Provide a hook for the quick handler of request processing
LuaRoot mod_lua
Specify the base path for resolving relative paths for mod_lua directives
LuaScope mod_lua
One of once, request, conn, thread -- default is once
RLimitCPU core
Limits the CPU consumption of processes launched by Apache httpd children
RLimitMEM core
Limits the memory consumption of processes launched by Apache httpd children
RLimitNPROC core
Limits the number of processes that can be launched by processes launched by Apache httpd children
ServerSignature core
Configures the footer on server-generated documents
SSIErrorMsg mod_include
Error message displayed when there is an SSI error
SSITimeFormat mod_include
Configures the format in which date strings are displayed
SSIUndefinedEcho mod_include
String displayed when an unset variable is echoed

AuthConfig

The following directives are allowed in .htaccess files when AllowOverride AuthConfig is in effect. They give .htaccess users control over the authentication and authorization methods that are applied to their directory subtrees, including several related utility directives for session handling and TLS settings.

Anonymous mod_authn_anon
Specifies userIDs that are allowed access without password verification
Anonymous_LogEmail mod_authn_anon
Sets whether the password entered will be logged in the error log
Anonymous_MustGiveEmail mod_authn_anon
Specifies whether blank passwords are allowed
Anonymous_NoUserID mod_authn_anon
Sets whether the userID field may be empty
Anonymous_VerifyEmail mod_authn_anon
Sets whether to check the password field for a correctly formatted email address
AuthBasicAuthoritative mod_auth_basic
Sets whether authorization and authentication are passed to lower level modules
AuthBasicFake mod_auth_basic
Fake basic authentication using the given expressions for username and password
AuthBasicProvider mod_auth_basic
Sets the authentication provider(s) for this location
AuthBasicUseDigestAlgorithm mod_auth_basic
Check passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication.
AuthDBMGroupFile mod_authz_dbm
Sets the name of the database file containing the list of user groups for authorization
AuthDBMType mod_authn_dbm
Sets the type of database file that is used to store passwords
AuthDBMUserFile mod_authn_dbm
Sets the name of a database file containing the list of users and passwords for authentication
AuthDigestAlgorithm mod_auth_digest
Selects the algorithm used to calculate the challenge and response hashes in digest authentication
AuthDigestDomain mod_auth_digest
URIs that are in the same protection space for digest authentication
AuthDigestNonceLifetime mod_auth_digest
How long the server nonce is valid
AuthDigestProvider mod_auth_digest
Sets the authentication provider(s) for this location
AuthDigestQop mod_auth_digest
Determines the quality-of-protection to use in digest authentication
AuthFormAuthoritative mod_auth_form
Sets whether authorization and authentication are passed to lower level modules
AuthFormProvider mod_auth_form
Sets the authentication provider(s) for this location
AuthGroupFile mod_authz_groupfile
Sets the name of a text file containing the list of user groups for authorization
AuthLDAPAuthorizePrefix mod_authnz_ldap
Specifies the prefix for environment variables set during authorization
AuthLDAPBindAuthoritative mod_authnz_ldap
Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials.
AuthLDAPBindDN mod_authnz_ldap
Optional DN to use in binding to the LDAP server
AuthLDAPBindPassword mod_authnz_ldap
Password used in conjunction with the bind DN
AuthLDAPCompareAsUser mod_authnz_ldap
Use the authenticated user's credentials to perform authorization comparisons
AuthLDAPCompareDNOnServer mod_authnz_ldap
Use the LDAP server to compare the DNs
AuthLDAPDereferenceAliases mod_authnz_ldap
When will the module de-reference aliases
AuthLDAPGroupAttribute mod_authnz_ldap
LDAP attributes used to identify the user members of groups.
AuthLDAPGroupAttributeIsDN mod_authnz_ldap
Use the DN of the client username when checking for group membership
AuthLDAPInitialBindAsUser mod_authnz_ldap
Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server
AuthLDAPInitialBindPattern mod_authnz_ldap
Specifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup
AuthLDAPMaxSubGroupDepth mod_authnz_ldap
Specifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued.
AuthLDAPRemoteUserAttribute mod_authnz_ldap
Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable
AuthLDAPRemoteUserIsDN mod_authnz_ldap
Use the DN of the client username to set the REMOTE_USER environment variable
AuthLDAPSearchAsUser mod_authnz_ldap
Use the authenticated user's credentials to perform authorization searches
AuthLDAPSubGroupAttribute mod_authnz_ldap
Specifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups.
AuthLDAPSubGroupClass mod_authnz_ldap
Specifies which LDAP objectClass values identify directory objects that are groups during sub-group processing.
AuthLDAPUrl mod_authnz_ldap
URL specifying the LDAP search parameters
AuthMerging mod_authz_core
Controls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections.
AuthName mod_authn_core
Authorization realm for use in HTTP authentication
AuthnCacheProvideFor mod_authn_socache
Specify which authn provider(s) to cache for
AuthnCacheTimeout mod_authn_socache
Set a timeout for cache entries
AuthType mod_authn_core
Type of user authentication
AuthUserFile mod_authn_file
Sets the name of a text file containing the list of users and passwords for authentication
AuthzDBMType mod_authz_dbm
Sets the type of database file that is used to store list of user groups
CGIPassAuth core
Enables passing HTTP authorization headers to scripts as CGI variables
LDAPReferralHopLimit mod_ldap
The maximum number of referral hops to chase before terminating an LDAP query.
LDAPReferrals mod_ldap
Enable referral chasing during queries to the LDAP server.
<Limit> core
Restrict enclosed access controls to only certain HTTP methods
<LimitExcept> core
Restrict access controls to all HTTP methods except the named ones
Require mod_authz_core
Tests whether an authenticated user is authorized by an authorization provider.
<RequireAll> mod_authz_core
Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed.
<RequireAny> mod_authz_core
Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed.
<RequireNone> mod_authz_core
Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail.
Satisfy mod_access_compat
Interaction between host-level access control and user authentication
Session mod_session
Enables a session for the current directory or location
SessionEnv mod_session
Control whether the contents of the session are written to the HTTP_SESSION environment variable
SessionHeader mod_session
Import session updates from a given HTTP response header
SessionInclude mod_session
Define URL prefixes for which a session is valid
SessionMaxAge mod_session
Define a maximum age in seconds for a session
SSLCipherSuite mod_ssl
Cipher Suite available for negotiation in SSL handshake
SSLProxyCipherSuite mod_ssl
Cipher Suite available for negotiation in SSL proxy handshake
SSLRenegBufferSize mod_ssl
Set the size for the SSL renegotiation buffer
SSLRequire mod_ssl
Allow access only when an arbitrarily complex boolean expression is true
SSLRequireSSL mod_ssl
Deny access when SSL is not used for the HTTP request
SSLUserName mod_ssl
Variable name to determine user name
SSLVerifyClient mod_ssl
Type of Client Certificate verification
SSLVerifyDepth mod_ssl
Maximum depth of CA Certificates in Client Certificate verification

FileInfo

The following directives are allowed in .htaccess files when AllowOverride FileInfo is in effect. They give .htaccess users a wide range of control over the responses and metadata given by the server.

AcceptPathInfo core
Resources accept trailing pathname information
Action mod_actions
Activates a CGI script for a particular handler or content-type
AddCharset mod_mime
Maps the given filename extensions to the specified content charset
AddDefaultCharset core
Default charset parameter to be added when a response content-type is text/plain or text/html
AddEncoding mod_mime
Maps the given filename extensions to the specified encoding type
AddHandler mod_mime
Maps the filename extensions to the specified handler
AddInputFilter mod_mime
Maps filename extensions to the filters that will process client requests
AddLanguage mod_mime
Maps the given filename extension to the specified content language
AddOutputFilter mod_mime
Maps filename extensions to the filters that will process responses from the server
AddOutputFilterByType mod_filter
assigns an output filter to a particular media-type
AddType mod_mime
Maps the given filename extensions onto the specified content type
BrowserMatch mod_setenvif
Sets environment variables conditional on HTTP User-Agent
BrowserMatchNoCase mod_setenvif
Sets environment variables conditional on User-Agent without respect to case
CGIMapExtension core
Technique for locating the interpreter for CGI scripts
CGIVar core
Controls how some CGI variables are set
CharsetDefault mod_charset_lite
Charset to translate into
CharsetOptions mod_charset_lite
Configures charset translation behavior
CharsetSourceEnc mod_charset_lite
Source charset of files
CookieDomain mod_usertrack
The domain to which the tracking cookie applies
CookieExpires mod_usertrack
Expiry time for the tracking cookie
CookieName mod_usertrack
Name of the tracking cookie
CookieStyle mod_usertrack
Format of the cookie header field
CookieTracking mod_usertrack
Enables tracking cookie
DefaultLanguage mod_mime
Defines a default language-tag to be sent in the Content-Language header field for all resources in the current context that have not been assigned a language-tag by some other means.
DefaultType core
This directive has no effect other than to emit warnings if the value is not none. In prior versions, DefaultType would specify a default media type to assign to response content for which no other media type configuration could be found.
EnableMMAP core
Use memory-mapping to read files during delivery
EnableSendfile core
Use the kernel sendfile support to deliver files to the client
ErrorDocument core
What the server will return to the client in case of an error
FileETag core
File attributes used to create the ETag HTTP response header for static files
ForceLanguagePriority mod_negotiation
Action to take if a single acceptable document is not found
ForceType core
Forces all matching files to be served with the specified media type in the HTTP Content-Type header field
Header mod_headers
Configure HTTP response headers
ISAPIAppendLogToErrors mod_isapi
Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log
ISAPIAppendLogToQuery mod_isapi
Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field
ISAPIFakeAsync mod_isapi
Fake asynchronous support for ISAPI callbacks
ISAPILogNotSupported mod_isapi
Log unsupported feature requests from ISAPI extensions
ISAPIReadAheadBuffer mod_isapi
Size of the Read Ahead Buffer sent to ISAPI extensions
LanguagePriority mod_negotiation
The precedence of language variants for cases where the client does not express a preference
MultiviewsMatch mod_mime
The types of files that will be included when searching for a matching file with MultiViews
PassEnv mod_env
Passes environment variables from the shell
QualifyRedirectURL core
Controls whether the REDIRECT_URL environment variable is fully qualified
Redirect mod_alias
Sends an external redirect asking the client to fetch a different URL
RedirectMatch mod_alias
Sends an external redirect based on a regular expression match of the current URL
RedirectPermanent mod_alias
Sends an external permanent redirect asking the client to fetch a different URL
RedirectTemp mod_alias
Sends an external temporary redirect asking the client to fetch a different URL
RemoveCharset mod_mime
Removes any character set associations for a set of file extensions
RemoveEncoding mod_mime
Removes any content encoding associations for a set of file extensions
RemoveHandler mod_mime
Removes any handler associations for a set of file extensions
RemoveInputFilter mod_mime
Removes any input filter associations for a set of file extensions
RemoveLanguage mod_mime
Removes any language associations for a set of file extensions
RemoveOutputFilter mod_mime
Removes any output filter associations for a set of file extensions
RemoveType mod_mime
Removes any content type associations for a set of file extensions
RequestHeader mod_headers
Configure HTTP request headers
RewriteBase mod_rewrite
Sets the base URL for per-directory rewrites
RewriteCond mod_rewrite
Defines a condition under which rewriting will take place
RewriteEngine mod_rewrite
Enables or disables runtime rewriting engine
RewriteOptions mod_rewrite
Sets some special options for the rewrite engine
RewriteRule mod_rewrite
Defines rules for the rewriting engine
ScriptInterpreterSource core
Technique for locating the interpreter for CGI scripts
SetEnv mod_env
Sets environment variables
SetEnvIf mod_setenvif
Sets environment variables based on attributes of the request
SetEnvIfExpr mod_setenvif
Sets environment variables based on an ap_expr expression
SetEnvIfNoCase mod_setenvif
Sets environment variables based on attributes of the request without respect to case
SetHandler core
Forces all matching files to be processed by a handler
SetInputFilter core
Sets the filters that will process client requests and POST input
SetOutputFilter core
Sets the filters that will process responses from the server
Substitute mod_substitute
Pattern to filter the response content
SubstituteInheritBefore mod_substitute
Change the merge order of inherited patterns
SubstituteMaxLineLength mod_substitute
Set the maximum line size
UnsetEnv mod_env
Removes variables from the environment

Indexes

The following directives are allowed in .htaccess files when AllowOverride Indexes is in effect. They allow .htaccess users to control aspects of the directory index pages provided by the server, including autoindex generation.

AddAlt mod_autoindex
Alternate text to display for a file, instead of an icon selected by filename
AddAltByEncoding mod_autoindex
Alternate text to display for a file instead of an icon selected by MIME-encoding
AddAltByType mod_autoindex
Alternate text to display for a file, instead of an icon selected by MIME content-type
AddDescription mod_autoindex
Description to display for a file
AddIcon mod_autoindex
Icon to display for a file selected by name
AddIconByEncoding mod_autoindex
Icon to display next to files selected by MIME content-encoding
AddIconByType mod_autoindex
Icon to display next to files selected by MIME content-type
DefaultIcon mod_autoindex
Icon to display for files when no specific icon is configured
DirectoryCheckHandler mod_dir
Toggle how this module responds when another handler is configured
DirectoryIndex mod_dir
List of resources to look for when the client requests a directory
DirectoryIndexRedirect mod_dir
Configures an external redirect for directory indexes.
DirectorySlash mod_dir
Toggle trailing slash redirects on or off
ExpiresActive mod_expires
Enables generation of Expires headers
ExpiresByType mod_expires
Value of the Expires header configured by MIME type
ExpiresDefault mod_expires
Default algorithm for calculating expiration time
FallbackResource mod_dir
Define a default URL for requests that don't map to a file
HeaderName mod_autoindex
Name of the file that will be inserted at the top of the index listing
ImapBase mod_imagemap
Default base for imagemap files
ImapDefault mod_imagemap
Default action when an imagemap is called with coordinates that are not explicitly mapped
ImapMenu mod_imagemap
Action if no coordinates are given when calling an imagemap
IndexHeadInsert mod_autoindex
Inserts text in the HEAD section of an index page.
IndexIgnore mod_autoindex
Adds to the list of files to hide when listing a directory
IndexIgnoreReset mod_autoindex
Empties the list of files to hide when listing a directory
IndexOptions mod_autoindex
Various configuration settings for directory indexing
IndexOrderDefault mod_autoindex
Sets the default ordering of the directory index
IndexStyleSheet mod_autoindex
Adds a CSS stylesheet to the directory index
MetaDir mod_cern_meta
Name of the directory to find CERN-style meta information files
MetaFiles mod_cern_meta
Activates CERN meta-file processing
MetaSuffix mod_cern_meta
File name suffix for the file containing CERN-style meta information
ReadmeName mod_autoindex
Name of the file that will be inserted at the end of the index listing

Limit

The following directives are allowed in .htaccess files when AllowOverride Limit is in effect. This extremely narrow override type mostly allows the use of the legacy authorization directives provided by mod_access_compat.

Allow mod_access_compat
Controls which hosts can access an area of the server
Deny mod_access_compat
Controls which hosts are denied access to the server
<Limit> core
Restrict enclosed access controls to only certain HTTP methods
<LimitExcept> core
Restrict access controls to all HTTP methods except the named ones
Order mod_access_compat
Controls the default access state and the order in which Allow and Deny are evaluated.

none

[This section has no description. It's possible that the documentation is incomplete, or that the directives here have an incorrect or misspelled Override type. Please consider reporting this in the comments section.]

LogIOTrackTTFB mod_logio
Enable tracking of time to first byte (TTFB)

None

[This section has no description. It's possible that the documentation is incomplete, or that the directives here have an incorrect or misspelled Override type. Please consider reporting this in the comments section.]

AuthnCacheEnable mod_authn_socache
Enable Authn caching configured anywhere
AuthnCacheSOCache mod_authn_socache
Select socache backend provider to use

Not applicable

[This section has no description. It's possible that the documentation is incomplete, or that the directives here have an incorrect or misspelled Override type. Please consider reporting this in the comments section.]

SSLProxyMachineCertificateChainFile mod_ssl
File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
SSLProxyMachineCertificateFile mod_ssl
File of concatenated PEM-encoded client certificates and keys to be used by the proxy
SSLProxyMachineCertificatePath mod_ssl
Directory of PEM-encoded client certificates and keys to be used by the proxy

Options

The following directives are allowed in .htaccess files when AllowOverride Options is in effect. They give .htaccess users access to Options and similar directives, as well as directives that control the filter chain.

CheckCaseOnly mod_speling
Limits the action of the speling module to case corrections
CheckSpelling mod_speling
Enables the spelling module
ContentDigest core
Enables the generation of Content-MD5 HTTP Response headers
FilterChain mod_filter
Configure the filter chain
FilterDeclare mod_filter
Declare a smart filter
FilterProtocol mod_filter
Deal with correct HTTP protocol handling
FilterProvider mod_filter
Register a content filter
Options core
Configures what features are available in a particular directory
ReflectorHeader mod_reflector
Reflect an input header to the output headers
SSLOptions mod_ssl
Configure various SSL engine run-time options
SSLProxyProtocol mod_ssl
Configure usable SSL protocol flavors for proxy usage
XBitHack mod_include
Parse SSI directives in files with the execute bit set

© 2017 The Apache Software Foundation
Licensed under the Apache License, Version 2.0.
https://httpd.apache.org/docs/2.4/en/mod/overrides.html