Restricting Use of htaccess Files

One of the powerful features available on Apache web servers is the htaccess file. With it users can take some configuration control over their virtual web servers by setting Apache server directives within their own user directories. This allows users to change web server configuration settings without affecting the rest of the sites on the server. They can even change settings for a specific directory while leaving the rest untouched.

For web hosting, it is generally a good idea to allow users to make changes using htaccess files. Otherwise, they will be constantly contacting you and requesting you to make certain features available to them. Using htaccess files gives them the ability to make the changes they need but not compromise the rest of the server. To allow all htaccess directives, you can use the “AllowOverride All” setting in your Apache configuration file.

If, however, you want to only allow access to certain directives, you can specify them in the AllowOverride directive. For example, you could enter the following:

AllowOverride AuthConfig Indexes

Only these particular directive groups will be allowed to users. Any directives not in these groups will cause a “500 Internal Server Error”. Because limited access to Apache directives can restrict users from important features, you should make sure you allow the ones users actually need.