If you have multiple users publishing content in your Apache installation, it is very convenient to allow them to password-protect their own directories using .htaccess files, described in Chapter 1. This mechanism has a performance penalty but relieves you of the task of providing access to or updating the Apache configuration file or user databases each time a change is required. In the appropriate directory sections of your Apache configuration file, you will need to add AllowOverride AuthConfig Limit This will enable your users to create their own .htaccess configuration files and place their own access control and authorization-related directives there. Conversely, you can prevent per-directory configuration changes with the following global setting: <Directory /> AllowOverride none </Directory> This has the added bonus of improving performance, since Apache does not need to look for the existence of per-directory configuration files for each file requested. Alternatively, you could restrict the type of configuration options that are allowed. For more information, check the documentation for AllowOverride. |