Override Class Index for .htaccess

Available Languages: en | + fr

+ +

+ This is an index of the directives that are allowed in .htaccess files for + various AllowOverride settings, + organized by class. Its intended purpose is to help server administrators + verify the privileges they're granting to .htaccess users. For an overview + of how .htaccess works, see the + .htaccess tutorial. +

+ +

+ To determine the set of directives that your server configuration allows + .htaccess users to use: +

+ +

Start with the set of directives in the AllowOverrideList + for the directory in question. (By default, this is set to + None.)
Find the AllowOverride setting for the directory in + question. (By default, it is set to None.) There are two + special cases: +
1. If your AllowOverride setting is All, + add every directive listed on this page to the list.
2. If your AllowOverride setting is None, + you're done. Only the directives in the AllowOverrideList + (if any) will be allowed.
+
For each override class listed in AllowOverride, look up + the corresponding set of directives below and add them to the list.
Finally, add the set of directives that is always allowed in + .htaccess (these are listed in the + All section, below).

+ +

+ Several of the override classes are quite powerful and give .htaccess + users a large amount of control over the server. For a stricter approach, + set AllowOverride None and use + AllowOverrideList to specify the + exact list of directives that .htaccess users are allowed to use. +

Topics

All
AuthConfig
FileInfo
Indexes
Limit
Options

All

+ The following directives are allowed in any .htaccess file, as long as + overrides are enabled in the server configuration. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

<Else>	core
Contains directives that apply only if the condition of a +previous `<If>` or +`<ElseIf>` section is not +satisfied by a request at runtime
<ElseIf>	core
Contains directives that apply only if a condition is satisfied +by a request at runtime while the condition of a previous +`<If>` or +`<ElseIf>` section is not +satisfied
<Files>	core
Contains directives that apply to matched +filenames
<FilesMatch>	core
Contains directives that apply to regular-expression matched +filenames
<If>	core
Contains directives that apply only if a condition is +satisfied by a request at runtime
<IfDefine>	core
Encloses directives that will be processed only +if a test is true at startup
<IfDirective>	core
Encloses directives that are processed conditional on the +presence or absence of a specific directive
<IfFile>	core
Encloses directives that will be processed only +if file exists at startup
<IfModule>	core
Encloses directives that are processed conditional on the +presence or absence of a specific module
<IfSection>	core
Encloses directives that are processed conditional on the +presence or absence of a specific section directive
<IfVersion>	mod_version
contains version dependent configuration
LimitRequestBody	core
Restricts the total size of the HTTP request body sent +from the client
LimitXMLRequestBody	core
Limits the size of an XML-based request body
LogIOTrackTTFB	mod_logio
Enable tracking of time to first byte (TTFB)
LuaCodeCache	mod_lua
Configure the compiled code cache.
LuaHookAccessChecker	mod_lua
Provide a hook for the access_checker phase of request processing
LuaHookAuthChecker	mod_lua
Provide a hook for the auth_checker phase of request processing
LuaHookCheckUserID	mod_lua
Provide a hook for the check_user_id phase of request processing
LuaHookFixups	mod_lua
Provide a hook for the fixups phase of a request +processing
LuaHookInsertFilter	mod_lua
Provide a hook for the insert_filter phase of request processing
LuaHookLog	mod_lua
Provide a hook for the access log phase of a request +processing
LuaHookMapToStorage	mod_lua
Provide a hook for the map_to_storage phase of request processing
LuaHookPreTranslate	mod_lua
Provide a hook for the pre_translate phase of a request +processing
LuaHookTranslateName	mod_lua
Provide a hook for the translate name phase of request processing
LuaHookTypeChecker	mod_lua
Provide a hook for the type_checker phase of request processing
LuaInherit	mod_lua
Controls how parent configuration sections are merged into children
LuaMapHandler	mod_lua
Map a path to a lua handler
LuaPackageCPath	mod_lua
Add a directory to lua's package.cpath
LuaPackagePath	mod_lua
Add a directory to lua's package.path
LuaQuickHandler	mod_lua
Provide a hook for the quick handler of request processing
LuaRoot	mod_lua
Specify the base path for resolving relative paths for mod_lua directives
LuaScope	mod_lua
One of once, request, conn, thread -- default is once
RLimitCPU	core
Limits the CPU consumption of processes launched +by Apache httpd children
RLimitMEM	core
Limits the memory consumption of processes launched +by Apache httpd children
RLimitNPROC	core
Limits the number of processes that can be launched by +processes launched by Apache httpd children
ServerSignature	core
Configures the footer on server-generated documents
SSIErrorMsg	mod_include
Error message displayed when there is an SSI +error
SSITimeFormat	mod_include
Configures the format in which date strings are +displayed
SSIUndefinedEcho	mod_include
String displayed when an unset variable is echoed

AuthConfig

+ The following directives are allowed in .htaccess files when + AllowOverride AuthConfig is in effect. They give .htaccess + users control over the authentication and authorization methods that are + applied to their directory subtrees, including several related utility + directives for session handling and TLS settings. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Anonymous	mod_authn_anon
Specifies userIDs that are allowed access without +password verification
Anonymous_LogEmail	mod_authn_anon
Sets whether the password entered will be logged in the +error log
Anonymous_MustGiveEmail	mod_authn_anon
Specifies whether blank passwords are allowed
Anonymous_NoUserID	mod_authn_anon
Sets whether the userID field may be empty
Anonymous_VerifyEmail	mod_authn_anon
Sets whether to check the password field for a correctly +formatted email address
AuthBasicAuthoritative	mod_auth_basic
Sets whether authorization and authentication are passed to +lower level modules
AuthBasicFake	mod_auth_basic
Fake basic authentication using the given expressions for +username and password
AuthBasicProvider	mod_auth_basic
Sets the authentication provider(s) for this location
AuthBasicUseDigestAlgorithm	mod_auth_basic
Check passwords against the authentication providers as if +Digest Authentication was in force instead of Basic Authentication. +
AuthDBMGroupFile	mod_authz_dbm
Sets the name of the database file containing the list +of user groups for authorization
AuthDBMType	mod_authn_dbm
Sets the type of database file that is used to +store passwords
AuthDBMUserFile	mod_authn_dbm
Sets the name of a database file containing the list of users and +passwords for authentication
AuthDigestAlgorithm	mod_auth_digest
Selects the algorithm used to calculate the challenge and +response hashes in digest authentication
AuthDigestDomain	mod_auth_digest
URIs that are in the same protection space for digest +authentication
AuthDigestNonceLifetime	mod_auth_digest
How long the server nonce is valid
AuthDigestProvider	mod_auth_digest
Sets the authentication provider(s) for this location
AuthDigestQop	mod_auth_digest
Determines the quality-of-protection to use in digest +authentication
AuthFormAuthoritative	mod_auth_form
Sets whether authorization and authentication are passed to +lower level modules
AuthFormProvider	mod_auth_form
Sets the authentication provider(s) for this location
AuthGroupFile	mod_authz_groupfile
Sets the name of a text file containing the list +of user groups for authorization
AuthLDAPAuthorizePrefix	mod_authnz_ldap
Specifies the prefix for environment variables set during +authorization
AuthLDAPBindAuthoritative	mod_authnz_ldap
Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials.
AuthLDAPBindDN	mod_authnz_ldap
Optional DN to use in binding to the LDAP server
AuthLDAPBindPassword	mod_authnz_ldap
Password used in conjunction with the bind DN
AuthLDAPCompareAsUser	mod_authnz_ldap
Use the authenticated user's credentials to perform authorization comparisons
AuthLDAPCompareDNOnServer	mod_authnz_ldap
Use the LDAP server to compare the DNs
AuthLDAPDereferenceAliases	mod_authnz_ldap
When will the module de-reference aliases
AuthLDAPGroupAttribute	mod_authnz_ldap
LDAP attributes used to identify the user members of +groups.
AuthLDAPGroupAttributeIsDN	mod_authnz_ldap
Use the DN of the client username when checking for +group membership
AuthLDAPInitialBindAsUser	mod_authnz_ldap
Determines if the server does the initial DN lookup using the basic authentication users' +own username, instead of anonymously or with hard-coded credentials for the server
AuthLDAPInitialBindPattern	mod_authnz_ldap
Specifies the transformation of the basic authentication username to be used when binding to the LDAP server +to perform a DN lookup
AuthLDAPMaxSubGroupDepth	mod_authnz_ldap
Specifies the maximum sub-group nesting depth that will be +evaluated before the user search is discontinued.
AuthLDAPRemoteUserAttribute	mod_authnz_ldap
Use the value of the attribute returned during the user +query to set the REMOTE_USER environment variable
AuthLDAPRemoteUserIsDN	mod_authnz_ldap
Use the DN of the client username to set the REMOTE_USER +environment variable
AuthLDAPSearchAsUser	mod_authnz_ldap
Use the authenticated user's credentials to perform authorization searches
AuthLDAPSubGroupAttribute	mod_authnz_ldap
Specifies the attribute labels, one value per +directive line, used to distinguish the members of the current group that +are groups.
AuthLDAPSubGroupClass	mod_authnz_ldap
Specifies which LDAP objectClass values identify directory +objects that are groups during sub-group processing.
AuthLDAPURL	mod_authnz_ldap
URL specifying the LDAP search parameters
AuthMerging	mod_authz_core
Controls the manner in which each configuration section's +authorization logic is combined with that of preceding configuration +sections.
AuthName	mod_authn_core
Authorization realm for use in HTTP +authentication
AuthnCacheProvideFor	mod_authn_socache
Specify which authn provider(s) to cache for
AuthnCacheTimeout	mod_authn_socache
Set a timeout for cache entries
AuthType	mod_authn_core
Type of user authentication
AuthUserFile	mod_authn_file
Sets the name of a text file containing the list of users and +passwords for authentication
AuthzDBMType	mod_authz_dbm
Sets the type of database file that is used to +store list of user groups
CGIPassAuth	core
Enables passing HTTP authorization headers to scripts as CGI +variables
LDAPReferralHopLimit	mod_ldap
The maximum number of referral hops to chase before terminating an LDAP query.
LDAPReferrals	mod_ldap
Enable referral chasing during queries to the LDAP server.
<Limit>	core
Restrict enclosed access controls to only certain HTTP +methods
<LimitExcept>	core
Restrict access controls to all HTTP methods +except the named ones
Require	mod_authz_core
Tests whether an authenticated user is authorized by +an authorization provider.
<RequireAll>	mod_authz_core
Enclose a group of authorization directives of which none +must fail and at least one must succeed for the enclosing directive to +succeed.
<RequireAny>	mod_authz_core
Enclose a group of authorization directives of which one +must succeed for the enclosing directive to succeed.
<RequireNone>	mod_authz_core
Enclose a group of authorization directives of which none +must succeed for the enclosing directive to not fail.
Satisfy	mod_access_compat
Interaction between host-level access control and +user authentication
Session	mod_session
Enables a session for the current directory or location
SessionEnv	mod_session
Control whether the contents of the session are written to the +`HTTP_SESSION` environment variable
SessionHeader	mod_session
Import session updates from a given HTTP response header
SessionInclude	mod_session
Define URL prefixes for which a session is valid
SessionMaxAge	mod_session
Define a maximum age in seconds for a session
SSLCipherSuite	mod_ssl
Cipher Suite available for negotiation in SSL +handshake
SSLRenegBufferSize	mod_ssl
Set the size for the SSL renegotiation buffer
SSLRequire	mod_ssl
Allow access only when an arbitrarily complex +boolean expression is true
SSLRequireSSL	mod_ssl
Deny access when SSL is not used for the +HTTP request
SSLUserName	mod_ssl
Variable name to determine user name
SSLVerifyClient	mod_ssl
Type of Client Certificate verification
SSLVerifyDepth	mod_ssl
Maximum depth of CA Certificates in Client +Certificate verification

FileInfo

+ The following directives are allowed in .htaccess files when + AllowOverride FileInfo is in effect. They give .htaccess + users a wide range of control over the responses and metadata given by the + server. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

AcceptPathInfo	core
Resources accept trailing pathname information
Action	mod_actions
Activates a CGI script for a particular handler or +content-type
AddCharset	mod_mime
Maps the given filename extensions to the specified content +charset
AddDefaultCharset	core
Default charset parameter to be added when a response +content-type is `text/plain` or `text/html`
AddEncoding	mod_mime
Maps the given filename extensions to the specified encoding +type
AddHandler	mod_mime
Maps the filename extensions to the specified +handler
AddInputFilter	mod_mime
Maps filename extensions to the filters that will process +client requests
AddLanguage	mod_mime
Maps the given filename extension to the specified content +language
AddOutputFilter	mod_mime
Maps filename extensions to the filters that will process +responses from the server
AddOutputFilterByType	mod_filter
assigns an output filter to a particular media-type
AddType	mod_mime
Maps the given filename extensions onto the specified content +type
BrowserMatch	mod_setenvif
Sets environment variables conditional on HTTP User-Agent +
BrowserMatchNoCase	mod_setenvif
Sets environment variables conditional on User-Agent without +respect to case
CGIMapExtension	core
Technique for locating the interpreter for CGI +scripts
CGIVar	core
Controls how some CGI variables are set
CharsetDefault	mod_charset_lite
Charset to translate into
CharsetOptions	mod_charset_lite
Configures charset translation behavior
CharsetSourceEnc	mod_charset_lite
Source charset of files
CookieDomain	mod_usertrack
The domain to which the tracking cookie applies
CookieExpires	mod_usertrack
Expiry time for the tracking cookie
CookieHTTPOnly	mod_usertrack
Adds the 'HTTPOnly' attribute to the cookie
CookieName	mod_usertrack
Name of the tracking cookie
CookieSameSite	mod_usertrack
Adds the 'SameSite' attribute to the cookie
CookieSecure	mod_usertrack
Adds the 'Secure' attribute to the cookie
CookieStyle	mod_usertrack
Format of the cookie header field
CookieTracking	mod_usertrack
Enables tracking cookie
DefaultLanguage	mod_mime
Defines a default language-tag to be sent in the Content-Language +header field for all resources in the current context that have not been +assigned a language-tag by some other means.
DefaultType	core
This directive has no effect other than to emit warnings +if the value is not `none`. In prior versions, DefaultType +would specify a default media type to assign to response content for +which no other media type configuration could be found. +
EnableMMAP	core
Use memory-mapping to read files during delivery
EnableSendfile	core
Use the kernel sendfile support to deliver files to the client
ErrorDocument	core
What the server will return to the client +in case of an error
FileETag	core
File attributes used to create the ETag +HTTP response header for static files
ForceLanguagePriority	mod_negotiation
Action to take if a single acceptable document is not +found
ForceType	core
Forces all matching files to be served with the specified +media type in the HTTP Content-Type header field
Header	mod_headers
Configure HTTP response headers
ISAPIAppendLogToErrors	mod_isapi
Record `HSE_APPEND_LOG_PARAMETER` requests from +ISAPI extensions to the error log
ISAPIAppendLogToQuery	mod_isapi
Record `HSE_APPEND_LOG_PARAMETER` requests from +ISAPI extensions to the query field
ISAPIFakeAsync	mod_isapi
Fake asynchronous support for ISAPI callbacks
ISAPILogNotSupported	mod_isapi
Log unsupported feature requests from ISAPI +extensions
ISAPIReadAheadBuffer	mod_isapi
Size of the Read Ahead Buffer sent to ISAPI +extensions
LanguagePriority	mod_negotiation
The precedence of language variants for cases where +the client does not express a preference
MultiviewsMatch	mod_mime
The types of files that will be included when searching for +a matching file with MultiViews
PassEnv	mod_env
Passes environment variables from the shell
QualifyRedirectURL	core
Controls whether the REDIRECT_URL environment variable is + fully qualified
Redirect	mod_alias
Sends an external redirect asking the client to fetch +a different URL
RedirectMatch	mod_alias
Sends an external redirect based on a regular expression match +of the current URL
RedirectPermanent	mod_alias
Sends an external permanent redirect asking the client to fetch +a different URL
RedirectTemp	mod_alias
Sends an external temporary redirect asking the client to fetch +a different URL
RemoveCharset	mod_mime
Removes any character set associations for a set of file +extensions
RemoveEncoding	mod_mime
Removes any content encoding associations for a set of file +extensions
RemoveHandler	mod_mime
Removes any handler associations for a set of file +extensions
RemoveInputFilter	mod_mime
Removes any input filter associations for a set of file +extensions
RemoveLanguage	mod_mime
Removes any language associations for a set of file +extensions
RemoveOutputFilter	mod_mime
Removes any output filter associations for a set of file +extensions
RemoveType	mod_mime
Removes any content type associations for a set of file +extensions
RequestHeader	mod_headers
Configure HTTP request headers
RewriteBase	mod_rewrite
Sets the base URL for per-directory rewrites
RewriteCond	mod_rewrite
Defines a condition under which rewriting will take place +
RewriteEngine	mod_rewrite
Enables or disables runtime rewriting engine
RewriteOptions	mod_rewrite
Sets some special options for the rewrite engine
RewriteRule	mod_rewrite
Defines rules for the rewriting engine
ScriptInterpreterSource	core
Technique for locating the interpreter for CGI +scripts
SetEnv	mod_env
Sets environment variables
SetEnvIf	mod_setenvif
Sets environment variables based on attributes of the request +
SetEnvIfExpr	mod_setenvif
Sets environment variables based on an ap_expr expression
SetEnvIfNoCase	mod_setenvif
Sets environment variables based on attributes of the request +without respect to case
SetHandler	core
Forces all matching files to be processed by a +handler
SetInputFilter	core
Sets the filters that will process client requests and POST +input
SetOutputFilter	core
Sets the filters that will process responses from the +server
Substitute	mod_substitute
Pattern to filter the response content
SubstituteInheritBefore	mod_substitute
Change the merge order of inherited patterns
SubstituteMaxLineLength	mod_substitute
Set the maximum line size
UnsetEnv	mod_env
Removes variables from the environment

Indexes

+ The following directives are allowed in .htaccess files when + AllowOverride Indexes is in effect. They allow .htaccess + users to control aspects of the directory index pages provided by the + server, including autoindex generation. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

AddAlt	mod_autoindex
Alternate text to display for a file, instead of an +icon selected by filename
AddAltByEncoding	mod_autoindex
Alternate text to display for a file instead of an icon +selected by MIME-encoding
AddAltByType	mod_autoindex
Alternate text to display for a file, instead of an +icon selected by MIME content-type
AddDescription	mod_autoindex
Description to display for a file
AddIcon	mod_autoindex
Icon to display for a file selected by name
AddIconByEncoding	mod_autoindex
Icon to display next to files selected by MIME +content-encoding
AddIconByType	mod_autoindex
Icon to display next to files selected by MIME +content-type
DefaultIcon	mod_autoindex
Icon to display for files when no specific icon is +configured
DirectoryCheckHandler	mod_dir
Toggle how this module responds when another handler is configured
DirectoryIndex	mod_dir
List of resources to look for when the client requests +a directory
DirectoryIndexRedirect	mod_dir
Configures an external redirect for directory indexes. +
DirectorySlash	mod_dir
Toggle trailing slash redirects on or off
ExpiresActive	mod_expires
Enables generation of `Expires` +headers
ExpiresByType	mod_expires
Value of the `Expires` header configured +by MIME type
ExpiresDefault	mod_expires
Default algorithm for calculating expiration time
FallbackResource	mod_dir
Define a default URL for requests that don't map to a file
HeaderName	mod_autoindex
Name of the file that will be inserted at the top +of the index listing
ImapBase	mod_imagemap
Default `base` for imagemap files
ImapDefault	mod_imagemap
Default action when an imagemap is called with coordinates +that are not explicitly mapped
ImapMenu	mod_imagemap
Action if no coordinates are given when calling +an imagemap
IndexHeadInsert	mod_autoindex
Inserts text in the HEAD section of an index page.
IndexIgnore	mod_autoindex
Adds to the list of files to hide when listing +a directory
IndexIgnoreReset	mod_autoindex
Empties the list of files to hide when listing +a directory
IndexOptions	mod_autoindex
Various configuration settings for directory +indexing
IndexOrderDefault	mod_autoindex
Sets the default ordering of the directory index
IndexStyleSheet	mod_autoindex
Adds a CSS stylesheet to the directory index
MetaDir	mod_cern_meta
Name of the directory to find CERN-style meta information +files
MetaFiles	mod_cern_meta
Activates CERN meta-file processing
MetaSuffix	mod_cern_meta
File name suffix for the file containing CERN-style +meta information
ReadmeName	mod_autoindex
Name of the file that will be inserted at the end +of the index listing

Limit

+ The following directives are allowed in .htaccess files when + AllowOverride Limit is in effect. This extremely narrow + override type mostly allows the use of the legacy authorization directives + provided by mod_access_compat. +

+ + + + + + + + + + +

Allow	mod_access_compat
Controls which hosts can access an area of the +server
Deny	mod_access_compat
Controls which hosts are denied access to the +server
<Limit>	core
Restrict enclosed access controls to only certain HTTP +methods
<LimitExcept>	core
Restrict access controls to all HTTP methods +except the named ones
Order	mod_access_compat
Controls the default access state and the order in which +`Allow` and `Deny` are +evaluated.

Options

+ The following directives are allowed in .htaccess files when + AllowOverride Options is in effect. They give .htaccess + users access to Options and similar directives, as well as + directives that control the filter chain. +

+ + + + + + + + + + + + + + + + + + + + + + + + +

CheckBasenameMatch	mod_speling
Also match files with differing file name extensions.
CheckCaseOnly	mod_speling
Limits the action of the speling module to case corrections
CheckSpelling	mod_speling
Enables the spelling +module
ContentDigest	core
Enables the generation of `Content-MD5` HTTP Response +headers
FilterChain	mod_filter
Configure the filter chain
FilterDeclare	mod_filter
Declare a smart filter
FilterProtocol	mod_filter
Deal with correct HTTP protocol handling
FilterProvider	mod_filter
Register a content filter
Options	core
Configures what features are available in a particular +directory
ReflectorHeader	mod_reflector
Reflect an input header to the output headers
SSLOptions	mod_ssl
Configure various SSL engine run-time options
XBitHack	mod_include
Parse SSI directives in files with the execute bit +set