Apache > HTTP Server > Documentation > Version 2.4

Override Class Index for .htaccess

This is an index of the directives that are allowed in .htaccess files for various AllowOverride settings, organized by class. Its intended purpose is to help server administrators verify the privileges they're granting to .htaccess users. For an overview of how .htaccess works, see the .htaccess tutorial.

To determine the set of directives that your server configuration allows .htaccess users to use:

  1. Start with the set of directives in the AllowOverrideList for the directory in question. (By default, this is set to None.)
  2. Find the AllowOverride setting for the directory in question. (By default, it is set to None.) There are two special cases:
    1. If your AllowOverride setting is All, add every directive listed on this page to the list.
    2. If your AllowOverride setting is None, you're done. Only the directives in the AllowOverrideList (if any) will be allowed.
  3. For each override class listed in AllowOverride, look up the corresponding set of directives below and add them to the list.
  4. Finally, add the set of directives that is always allowed in .htaccess (these are listed in the All section, below).

Several of the override classes are quite powerful and give .htaccess users a large amount of control over the server. For a stricter approach, set AllowOverride None and use AllowOverrideList to specify the exact list of directives that .htaccess users are allowed to use.

All

The following directives are allowed in any .htaccess file, as long as overrides are enabled in the server configuration.

<Else> (core)
Contains directives that apply only if the condition of a previous <If> or <ElseIf> section is not satisfied by a request at runtime
<ElseIf> (core)
Contains directives that apply only if a condition is satisfied by a request at runtime while the condition of a previous <If> or <ElseIf> section is not satisfied
<Files> (core)
Contains directives that apply to matched filenames
<FilesMatch> (core)
Contains directives that apply to regular-expression matched filenames
<If> (core)
Contains directives that apply only if a condition is satisfied by a request at runtime
<IfDefine> (core)
Encloses directives that will be processed only if a test is true at startup
<IfModule> (core)
Encloses directives that are processed conditional on the presence or absence of a specific module
<IfVersion> (mod_version)
Contains version-dependent configuration
LimitRequestBody (core)
Restricts the total size of the HTTP request body sent from the client
LimitXMLRequestBody (core)
Limits the size of an XML-based request body
LuaCodeCache (mod_lua)
Configure the compiled code cache.
LuaHookAccessChecker (mod_lua)
Provide a hook for the access_checker phase of request processing
LuaHookAuthChecker (mod_lua)
Provide a hook for the auth_checker phase of request processing
LuaHookCheckUserID (mod_lua)
Provide a hook for the check_user_id phase of request processing
LuaHookFixups (mod_lua)
Provide a hook for the fixups phase of request processing
LuaHookInsertFilter (mod_lua)
Provide a hook for the insert_filter phase of request processing
LuaHookLog (mod_lua)
Provide a hook for the access log phase of request processing
LuaHookMapToStorage (mod_lua)
Provide a hook for the map_to_storage phase of request processing
LuaHookTranslateName (mod_lua)
Provide a hook for the translate name phase of request processing
LuaHookTypeChecker (mod_lua)
Provide a hook for the type_checker phase of request processing
LuaInherit (mod_lua)
Controls how parent configuration sections are merged into children
LuaMapHandler (mod_lua)
Map a path to a lua handler
LuaPackageCPath (mod_lua)
Add a directory to lua's package.cpath
LuaPackagePath (mod_lua)
Add a directory to lua's package.path
LuaQuickHandler (mod_lua)
Provide a hook for the quick handler of request processing
LuaRoot (mod_lua)
Specify the base path for resolving relative paths for mod_lua directives
LuaScope (mod_lua)
One of once, request, conn, thread -- default is once
RLimitCPU (core)
Limits the CPU consumption of processes launched by Apache httpd children
RLimitMEM (core)
Limits the memory consumption of processes launched by Apache httpd children
RLimitNPROC (core)
Limits the number of processes that can be launched by processes launched by Apache httpd children
ServerSignature (core)
Configures the footer on server-generated documents
SSIErrorMsg (mod_include)
Error message displayed when there is an SSI error
SSITimeFormat (mod_include)
Configures the format in which date strings are displayed
SSIUndefinedEcho (mod_include)
String displayed when an unset variable is echoed

AuthConfig

The following directives are allowed in .htaccess files when AllowOverride AuthConfig is in effect. They give .htaccess users control over the authentication and authorization methods that are applied to their directory subtrees, including several related utility directives for session handling and TLS settings.

Anonymous (mod_authn_anon)
Specifies userIDs that are allowed access without password verification
Anonymous_LogEmail (mod_authn_anon)
Sets whether the password entered will be logged in the error log
Anonymous_MustGiveEmail (mod_authn_anon)
Specifies whether blank passwords are allowed
Anonymous_NoUserID (mod_authn_anon)
Sets whether the userID field may be empty
Anonymous_VerifyEmail (mod_authn_anon)
Sets whether to check the password field for a correctly formatted email address
AuthBasicAuthoritative (mod_auth_basic)
Sets whether authorization and authentication are passed to lower level modules
AuthBasicFake (mod_auth_basic)
Fake basic authentication using the given expressions for username and password
AuthBasicProvider (mod_auth_basic)
Sets the authentication provider(s) for this location
AuthBasicUseDigestAlgorithm (mod_auth_basic)
Check passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication.
AuthDBMGroupFile (mod_authz_dbm)
Sets the name of the database file containing the list of user groups for authorization
AuthDBMType (mod_authn_dbm)
Sets the type of database file that is used to store passwords
AuthDBMUserFile (mod_authn_dbm)
Sets the name of a database file containing the list of users and passwords for authentication
AuthDigestAlgorithm (mod_auth_digest)
Selects the algorithm used to calculate the challenge and response hashes in digest authentication
AuthDigestDomain (mod_auth_digest)
URIs that are in the same protection space for digest authentication
AuthDigestNonceLifetime (mod_auth_digest)
How long the server nonce is valid
AuthDigestProvider (mod_auth_digest)
Sets the authentication provider(s) for this location
AuthDigestQop (mod_auth_digest)
Determines the quality-of-protection to use in digest authentication
AuthFormAuthoritative (mod_auth_form)
Sets whether authorization and authentication are passed to lower level modules
AuthFormProvider (mod_auth_form)
Sets the authentication provider(s) for this location
AuthGroupFile (mod_authz_groupfile)
Sets the name of a text file containing the list of user groups for authorization
AuthLDAPAuthorizePrefix (mod_authnz_ldap)
Specifies the prefix for environment variables set during authorization
AuthLDAPBindAuthoritative (mod_authnz_ldap)
Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials.
AuthLDAPBindDN (mod_authnz_ldap)
Optional DN to use in binding to the LDAP server
AuthLDAPBindPassword (mod_authnz_ldap)
Password used in conjunction with the bind DN
AuthLDAPCompareAsUser (mod_authnz_ldap)
Use the authenticated user's credentials to perform authorization comparisons
AuthLDAPCompareDNOnServer (mod_authnz_ldap)
Use the LDAP server to compare the DNs
AuthLDAPDereferenceAliases (mod_authnz_ldap)
When will the module de-reference aliases
AuthLDAPGroupAttribute (mod_authnz_ldap)
LDAP attributes used to identify the user members of groups.
AuthLDAPGroupAttributeIsDN (mod_authnz_ldap)
Use the DN of the client username when checking for group membership
AuthLDAPInitialBindAsUser (mod_authnz_ldap)
Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server
AuthLDAPInitialBindPattern (mod_authnz_ldap)
Specifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup
AuthLDAPMaxSubGroupDepth (mod_authnz_ldap)
Specifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued.
AuthLDAPRemoteUserAttribute (mod_authnz_ldap)
Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable
AuthLDAPRemoteUserIsDN (mod_authnz_ldap)
Use the DN of the client username to set the REMOTE_USER environment variable
AuthLDAPSearchAsUser (mod_authnz_ldap)
Use the authenticated user's credentials to perform authorization searches
AuthLDAPSubGroupAttribute (mod_authnz_ldap)
Specifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups.
AuthLDAPSubGroupClass (mod_authnz_ldap)
Specifies which LDAP objectClass values identify directory objects that are groups during sub-group processing.
AuthLDAPUrl (mod_authnz_ldap)
URL specifying the LDAP search parameters
AuthMerging (mod_authz_core)
Controls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections.
AuthName (mod_authn_core)
Authorization realm for use in HTTP authentication
AuthnCacheProvideFor (mod_authn_socache)
Specify which authn provider(s) to cache for
AuthnCacheTimeout (mod_authn_socache)
Set a timeout for cache entries
AuthType (mod_authn_core)
Type of user authentication
AuthUserFile (mod_authn_file)
Sets the name of a text file containing the list of users and passwords for authentication
AuthzDBMType (mod_authz_dbm)
Sets the type of database file that is used to store list of user groups
CGIPassAuth (core)
Enables passing HTTP authorization headers to scripts as CGI variables
LDAPReferralHopLimit (mod_ldap)
The maximum number of referral hops to chase before terminating an LDAP query.
LDAPReferrals (mod_ldap)
Enable referral chasing during queries to the LDAP server.
<Limit> (core)
Restrict enclosed access controls to only certain HTTP methods
<LimitExcept> (core)
Restrict access controls to all HTTP methods except the named ones
Require (mod_authz_core)
Tests whether an authenticated user is authorized by an authorization provider.
<RequireAll> (mod_authz_core)
Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed.
<RequireAny> (mod_authz_core)
Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed.
<RequireNone> (mod_authz_core)
Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail.
Satisfy (mod_access_compat)
Interaction between host-level access control and user authentication
Session (mod_session)
Enables a session for the current directory or location
SessionEnv (mod_session)
Control whether the contents of the session are written to the HTTP_SESSION environment variable
SessionHeader (mod_session)
Import session updates from a given HTTP response header
SessionInclude (mod_session)
Define URL prefixes for which a session is valid
SessionMaxAge (mod_session)
Define a maximum age in seconds for a session
SSLCipherSuite (mod_ssl)
Cipher Suite available for negotiation in SSL handshake
SSLProxyCipherSuite (mod_ssl)
Cipher Suite available for negotiation in SSL proxy handshake
SSLRenegBufferSize (mod_ssl)
Set the size for the SSL renegotiation buffer
SSLRequire (mod_ssl)
Allow access only when an arbitrarily complex boolean expression is true
SSLRequireSSL (mod_ssl)
Deny access when SSL is not used for the HTTP request
SSLUserName (mod_ssl)
Variable name to determine user name
SSLVerifyClient (mod_ssl)
Type of Client Certificate verification
SSLVerifyDepth (mod_ssl)
Maximum depth of CA Certificates in Client Certificate verification
FileInfo

The following directives are allowed in .htaccess files when AllowOverride FileInfo is in effect. They give .htaccess users a wide range of control over the responses and metadata given by the server.

AcceptPathInfo (core)
Resources accept trailing pathname information
Action (mod_actions)
Activates a CGI script for a particular handler or content-type
AddCharset (mod_mime)
Maps the given filename extensions to the specified content charset
AddDefaultCharset (core)
Default charset parameter to be added when a response content-type is text/plain or text/html
AddEncoding (mod_mime)
Maps the given filename extensions to the specified encoding type
AddHandler (mod_mime)
Maps the filename extensions to the specified handler
AddInputFilter (mod_mime)
Maps filename extensions to the filters that will process client requests
AddLanguage (mod_mime)
Maps the given filename extension to the specified content language
AddOutputFilter (mod_mime)
Maps filename extensions to the filters that will process responses from the server
AddOutputFilterByType (mod_filter)
Assigns an output filter to a particular media-type
AddType (mod_mime)
Maps the given filename extensions onto the specified content type
BrowserMatch (mod_setenvif)
Sets environment variables conditional on HTTP User-Agent
BrowserMatchNoCase (mod_setenvif)
Sets environment variables conditional on User-Agent without respect to case
CGIMapExtension (core)
Technique for locating the interpreter for CGI scripts
CGIVar (core)
Controls how some CGI variables are set
CharsetDefault (mod_charset_lite)
Charset to translate into
CharsetOptions (mod_charset_lite)
Configures charset translation behavior
CharsetSourceEnc (mod_charset_lite)
Source charset of files
CookieDomain (mod_usertrack)
The domain to which the tracking cookie applies
CookieExpires (mod_usertrack)
Expiry time for the tracking cookie
CookieName (mod_usertrack)
Name of the tracking cookie
CookieStyle (mod_usertrack)
Format of the cookie header field
CookieTracking (mod_usertrack)
Enables tracking cookie
DefaultLanguage (mod_mime)
Defines a default language-tag to be sent in the Content-Language header field for all resources in the current context that have not been assigned a language-tag by some other means.
DefaultType (core)
This directive has no effect other than to emit warnings if the value is not none. In prior versions, DefaultType would specify a default media type to assign to response content for which no other media type configuration could be found.
EnableMMAP (core)
Use memory-mapping to read files during delivery
EnableSendfile (core)
Use the kernel sendfile support to deliver files to the client
ErrorDocument (core)
What the server will return to the client in case of an error
FileETag (core)
File attributes used to create the ETag HTTP response header for static files
ForceLanguagePriority (mod_negotiation)
Action to take if a single acceptable document is not found
ForceType (core)
Forces all matching files to be served with the specified media type in the HTTP Content-Type header field
Header (mod_headers)
Configure HTTP response headers
ISAPIAppendLogToErrors (mod_isapi)
Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log
ISAPIAppendLogToQuery (mod_isapi)
Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field
ISAPIFakeAsync (mod_isapi)
Fake asynchronous support for ISAPI callbacks
ISAPILogNotSupported (mod_isapi)
Log unsupported feature requests from ISAPI extensions
ISAPIReadAheadBuffer (mod_isapi)
Size of the Read Ahead Buffer sent to ISAPI extensions
LanguagePriority (mod_negotiation)
The precedence of language variants for cases where the client does not express a preference
MultiviewsMatch (mod_mime)
The types of files that will be included when searching for a matching file with MultiViews
PassEnv (mod_env)
Passes environment variables from the shell
QualifyRedirectURL (core)
Controls whether the REDIRECT_URL environment variable is fully qualified
Redirect (mod_alias)
Sends an external redirect asking the client to fetch a different URL
RedirectMatch (mod_alias)
Sends an external redirect based on a regular expression match of the current URL
RedirectPermanent (mod_alias)
Sends an external permanent redirect asking the client to fetch a different URL
RedirectTemp (mod_alias)
Sends an external temporary redirect asking the client to fetch a different URL
RemoveCharset (mod_mime)
Removes any character set associations for a set of file extensions
RemoveEncoding (mod_mime)
Removes any content encoding associations for a set of file extensions
RemoveHandler (mod_mime)
Removes any handler associations for a set of file extensions
RemoveInputFilter (mod_mime)
Removes any input filter associations for a set of file extensions
RemoveLanguage (mod_mime)
Removes any language associations for a set of file extensions
RemoveOutputFilter (mod_mime)
Removes any output filter associations for a set of file extensions
RemoveType (mod_mime)
Removes any content type associations for a set of file extensions
RequestHeader (mod_headers)
Configure HTTP request headers
RewriteBase (mod_rewrite)
Sets the base URL for per-directory rewrites
RewriteCond (mod_rewrite)
Defines a condition under which rewriting will take place
RewriteEngine (mod_rewrite)
Enables or disables runtime rewriting engine
RewriteOptions (mod_rewrite)
Sets some special options for the rewrite engine
RewriteRule (mod_rewrite)
Defines rules for the rewriting engine
ScriptInterpreterSource (core)
Technique for locating the interpreter for CGI scripts
SetEnv (mod_env)
Sets environment variables
SetEnvIf (mod_setenvif)
Sets environment variables based on attributes of the request
SetEnvIfExpr (mod_setenvif)
Sets environment variables based on an ap_expr expression
SetEnvIfNoCase (mod_setenvif)
Sets environment variables based on attributes of the request without respect to case
SetHandler (core)
Forces all matching files to be processed by a handler
SetInputFilter (core)
Sets the filters that will process client requests and POST input
SetOutputFilter (core)
Sets the filters that will process responses from the server
Substitute (mod_substitute)
Pattern to filter the response content
SubstituteInheritBefore (mod_substitute)
Change the merge order of inherited patterns
SubstituteMaxLineLength (mod_substitute)
Set the maximum line size
UnsetEnv (mod_env)
Removes variables from the environment
Indexes

The following directives are allowed in .htaccess files when AllowOverride Indexes is in effect. They allow .htaccess users to control aspects of the directory index pages provided by the server, including autoindex generation.

AddAlt (mod_autoindex)
Alternate text to display for a file, instead of an icon selected by filename
AddAltByEncoding (mod_autoindex)
Alternate text to display for a file instead of an icon selected by MIME-encoding
AddAltByType (mod_autoindex)
Alternate text to display for a file, instead of an icon selected by MIME content-type
AddDescription (mod_autoindex)
Description to display for a file
AddIcon (mod_autoindex)
Icon to display for a file selected by name
AddIconByEncoding (mod_autoindex)
Icon to display next to files selected by MIME content-encoding
AddIconByType (mod_autoindex)
Icon to display next to files selected by MIME content-type
DefaultIcon (mod_autoindex)
Icon to display for files when no specific icon is configured
DirectoryCheckHandler (mod_dir)
Toggle how this module responds when another handler is configured
DirectoryIndex (mod_dir)
List of resources to look for when the client requests a directory
DirectoryIndexRedirect (mod_dir)
Configures an external redirect for directory indexes.
DirectorySlash (mod_dir)
Toggle trailing slash redirects on or off
ExpiresActive (mod_expires)
Enables generation of Expires headers
ExpiresByType (mod_expires)
Value of the Expires header configured by MIME type
ExpiresDefault (mod_expires)
Default algorithm for calculating expiration time
FallbackResource (mod_dir)
Define a default URL for requests that don't map to a file
HeaderName (mod_autoindex)
Name of the file that will be inserted at the top of the index listing
ImapBase (mod_imagemap)
Default base for imagemap files
ImapDefault (mod_imagemap)
Default action when an imagemap is called with coordinates that are not explicitly mapped
ImapMenu (mod_imagemap)
Action if no coordinates are given when calling an imagemap
IndexHeadInsert (mod_autoindex)
Inserts text in the HEAD section of an index page.
IndexIgnore (mod_autoindex)
Adds to the list of files to hide when listing a directory
IndexIgnoreReset (mod_autoindex)
Empties the list of files to hide when listing a directory
IndexOptions (mod_autoindex)
Various configuration settings for directory indexing
IndexOrderDefault (mod_autoindex)
Sets the default ordering of the directory index
IndexStyleSheet (mod_autoindex)
Adds a CSS stylesheet to the directory index
MetaDir (mod_cern_meta)
Name of the directory to find CERN-style meta information files
MetaFiles (mod_cern_meta)
Activates CERN meta-file processing
MetaSuffix (mod_cern_meta)
File name suffix for the file containing CERN-style meta information
ReadmeName (mod_autoindex)
Name of the file that will be inserted at the end of the index listing
Limit

The following directives are allowed in .htaccess files when AllowOverride Limit is in effect. This extremely narrow override type mostly allows the use of the legacy authorization directives provided by mod_access_compat.

Allow (mod_access_compat)
Controls which hosts can access an area of the server
Deny (mod_access_compat)
Controls which hosts are denied access to the server
<Limit> (core)
Restrict enclosed access controls to only certain HTTP methods
<LimitExcept> (core)
Restrict access controls to all HTTP methods except the named ones
Order (mod_access_compat)
Controls the default access state and the order in which Allow and Deny are evaluated.
none

[This section has no description. It's possible that the documentation is incomplete, or that the directives here have an incorrect or misspelled Override type. Please consider reporting this in the comments section.]

LogIOTrackTTFB (mod_logio)
Enable tracking of time to first byte (TTFB)
None

[This section has no description. It's possible that the documentation is incomplete, or that the directives here have an incorrect or misspelled Override type. Please consider reporting this in the comments section.]

AuthnCacheEnable (mod_authn_socache)
Enable Authn caching configured anywhere
AuthnCacheSOCache (mod_authn_socache)
Select socache backend provider to use
Not applicable

[This section has no description. It's possible that the documentation is incomplete, or that the directives here have an incorrect or misspelled Override type. Please consider reporting this in the comments section.]

SSLProxyMachineCertificateChainFile (mod_ssl)
File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
SSLProxyMachineCertificateFile (mod_ssl)
File of concatenated PEM-encoded client certificates and keys to be used by the proxy
SSLProxyMachineCertificatePath (mod_ssl)
Directory of PEM-encoded client certificates and keys to be used by the proxy
Options

The following directives are allowed in .htaccess files when AllowOverride Options is in effect. They give .htaccess users access to Options and similar directives, as well as directives that control the filter chain.

CheckCaseOnly (mod_speling)
Limits the action of the speling module to case corrections
CheckSpelling (mod_speling)
Enables the spelling module
ContentDigest (core)
Enables the generation of Content-MD5 HTTP Response headers
FilterChain (mod_filter)
Configure the filter chain
FilterDeclare (mod_filter)
Declare a smart filter
FilterProtocol (mod_filter)
Deal with correct HTTP protocol handling
FilterProvider (mod_filter)
Register a content filter
Options (core)
Configures what features are available in a particular directory
ReflectorHeader (mod_reflector)
Reflect an input header to the output headers
SSLOptions (mod_ssl)
Configure various SSL engine run-time options
SSLProxyProtocol (mod_ssl)
Configure usable SSL protocol flavors for proxy usage
XBitHack (mod_include)
Parse SSI directives in files with the execute bit set