<Directory> and </Directory> are used to enclose a group of directives which will apply only to the named directory and sub-directories of that directory. Any directive which is allowed in a directory context may be used. Directory is either the full path to a directory, or a wild-card string. In a wild-card string, `?' matches any single character, and `*' matches any sequences of characters. As of Apache 1.3, you may also use `[]' character ranges like in the shell. Also as of Apache 1.3 none of the wildcards match a `/' character, which more closely mimics the behaviour of Unix shells. Example:
<Directory /usr/local/httpd/htdocs> Options Indexes FollowSymLinks </Directory>
Apache 1.2 and above: Extended regular
expressions can also be used, with the addition of the
~
character. For example:
<Directory ~ "^/www/.*/\[0-9\]\\{3\\}">would match directories in /www/ that consisted of three numbers.
If multiple (non-regular expression) directory sections match the directory (or its parents) containing a document, then the directives are applied in the order of shortest match first, interspersed with the directives from the .htaccess files. For example, with
<Directory />
AllowOverride None
</Directory>
<Directory /home/*>
AllowOverride FileInfo
</Directory>
for access to the document /home/web/dir/doc.html
the
steps are:
AllowOverride None
(disabling
.htaccess
files).AllowOverride FileInfo
(for
directory /home/web
).
/home/web/.htaccess
Regular expression directory sections are handled slightly differently by Apache 1.2 and 1.3. In Apache 1.2 they are interspersed with the normal directory sections and applied in the order they appear in the configuration file. They are applied only once, and apply when the shortest match possible occurs. In Apache 1.3 regular expressions are not considered until after all of the normal sections have been applied. Then all of the regular expressions are tested in the order they appeared in the configuration file. For example, with
<Directory ~ abc\$>
... directives here ...
</Directory>
Suppose that the filename being accessed is
/home/abc/public_html/abc/index.html
. The server considers
each of /
, /home
, /home/abc
,
/home/abc/public_html
, and
/home/abc/public_html/abc
in that order. In Apache 1.2, when
/home/abc
is considered, the regular expression will
match and be applied. In Apache 1.3 the regular expression isn't
considered at all at that point in the tree. It won't be considered
until after all normal <Directory>s and
.htaccess
files have been applied. Then the regular
expression will match on /home/abc/public_html/abc
and
be applied.
Note that the default Apache access for <Directory /> is Allow from All. This means that Apache will serve any file mapped from an URL. It is recommended that you change this with a block such as
<Directory /> Order Deny,Allow Deny from All </Directory>
and then override this for directories you want accessible. See the Security Tips page for more details.
The directory sections typically occur in the access.conf file, but they may appear in any configuration file. <Directory> directives cannot nest, and cannot appear in a <Limit> or <LimitExcept> section.See also: How Directory, Location and Files sections work for an explanation of how these different sections are combined when a request is received