Apache | Basic Apache Configuration | Setting the Access Scope (Section Containers)

Tags:

In Apache, the scope where access is allowed can be limited by directory or by file. This article explains how to specify the scope where configuration applies.

Limiting the configuration scope

In the httpd.conf file, you can find content like the following.

<Directory />
    AllowOverride none
    Require all denied
</Directory>

<Directory "${SRVROOT}/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<Files ".ht*">
    Require all denied
</Files>

Similar settings are repeated. The actual settings specify the scope they affect, and the configuration is applied for each scope. The syntax used to specify this scope is called a section container, such as <Directory> or <Files>.

The affected scope can be specified in three ways: by directory, by file, or by URL path. For example, you can configure files in a directory so that authentication is required to view them.

Let’s briefly look at how to write these settings.

Specifying by directory

When specifying a scope by directory, use the <Directory> section container.

<Directory path>
    ...
    configuration directive
    ...
</Directory>

The path that represents the directory is specified as a full path. On Windows, it is specified from the drive. Wildcards such as an asterisk (*) and question mark (?) can also be used.

<Directory />
    ...
</Directory>


<Directory "${SRVROOT}/htdocs">
    ...
</Directory>

In the example above, two paths are specified: / and ${SRVROOT}/htdocs. When a directory is specified, the specified directory and all subdirectories under it are included. If ${SRVROOT}/htdocs is specified, all files and subdirectories under that directory are targeted.

Since ${SRVROOT} is specified as follows, the actual path for ${SRVROOT}/htdocs becomes C:/apache/Apache24/htdocs.

Define SRVROOT "C:/apache/Apache24"

The path name / is special. As described above, when a directory is specified, all subdirectories are included. Because / represents the root directory, specifying / applies the settings to all files. In other words, the settings written here become the default settings for every directory that is not configured individually.

You can write settings for a separate directory and also write different settings for its subdirectories. In that case, two settings, or three if the root settings are included, may apply to the target directory. When directories are specified, the settings are applied in order from the shortest path from the root, and settings for the same item are overwritten.

Specifying by file

When specifying a scope by file, use the <Files> section container.

<Files file name>
    ...
    configuration directive
    ...
</Files>

Specifying by file name is useful when you want to configure files with a specific name or all files with a specific extension regardless of the directory where they exist. Wildcards such as an asterisk (*) and question mark (?) can also be used in file names.

An example written in httpd.conf looks like the following.

<Files ".ht*">
    ...
</Files>

In this example, .ht* is specified, so every file name that matches this wildcard is affected.

You can also use a regular expression for the file name as follows. When written as a regular expression, every file name matching that expression is affected.

<Files ~ "\.(htm|html|css|js|php)$">
   ...
</Files>

The example above applies to htm, html, css, js, and php. Similarly, regular expressions can be used with <FilesMatch>. The difference from <Files> is that regular expressions are applied without adding ~.

<FilesMatch "\.(htm|html|css|js|php)$">
    ...
</FilesMatch>

If multiple settings scoped by file name are written, they are activated in the order they are written. For directories, the shortest path is applied first, but for file names, the order of writing is what matters.

Specifying by URL path

When specifying a scope by URL path, use the <Location> section container.

<Location URL path>
    ...
    configuration directive
    ...
</Location>

Settings are applied based on how the resource is called, using the URL path and every URL beginning with that path, regardless of the actual file location. If the URL is http://host/aaa/bbb, specify the /aaa/bbb part.

<Location /aaa/bbb>
    ...
</Location>

Location is useful when URLs are generated dynamically from a database.

Actual configuration method

If all three section containers are written, settings are applied in the order of directory, file name, and URL path, and later settings overwrite earlier settings.

The Location URL notation is useful for explaining one way to configure access to an actual file, but it only limits the way the file is accessed and does not define the scope for the actual file itself. It may work without problems, but for settings that apply to existing files, use Directory and Files whenever possible.

Reference