Directory Directives
Directory Directives
The following directives apply to directories within the content root.
<directory>
| Description | Enclose a group of directives that apply only to the named file-system directory and sub-directory |
| Syntax | <directory directory-path> ... </Directory> |
| Context | global |
<directory> and </directory> are used to enclose a group of directives that will apply only to the named directory and sub-directories of that directory. Any directive that is allowed in a directory context may be used. directory-path is either the path to a directory (relative to the content root), or a wild-card string using Unix shell-style matching. In a wild-card string, ? matches any single character, and * matches any sequences of characters. You may also use [] character ranges and any POSIX 1003.2 extended regular expression character class. None of the wildcards match a '/' character, so <directory /*/images> will not match /applications/myapp/images, but <directory /applications/*/images> will. Note that the '/' character must be used as the directory separator even under a Windows environment. All matches are done against the start of the directory. If the leading '/' character is ommitted from directory-path then it will automatically be added.
If multiple (non-regular expression) <directory> sections match the directory (or one of its parents) containing a document, then the directives are applied in the order of shortest match first.
Note that the default RealityServer access for <directory /> is Deny from All. This means that RealityServer will not serve any files from the content tree. If you wish to serve any content you will need to enable permission to do so, preferrably on a per-directory basis. EG:
<directory /html>
allow from all
</directory>
<directory /js>
allow from all
</directory>
allow
The allow directive affects which areas of the content root can serve static content. Specifying allow for a directory will permit it's files to be served to users.
The first argument to this directive is always from. The only supported value for the second argument is 'all' which allows content to be served to any host, subject to the configuration of the deny and order directives as discussed below.
deny
| Description | Controls which hosts are denied access to the server |
| Syntax | deny from all |
| Context | directory |
This directive allows access to the server to be restricted. The arguments for the deny directive are identical to the arguments for the allow directive.
index
| Description | Controls which file is served when a directory is requested |
| Syntax | index filename |
| Context | directory |
This directive specifies which file should be served when a client HTTP request resolves to a directory rather than a file. The file is searched for relative to the directory requested. If an absolute path is specified then it is absolute relative to the content_root. A relative path cannot reference a file outside of content_root.
The default index for <directory /> is index.html.
order
| Description | Controls the default access state and the order in which Allow and Deny are evaluated |
| Syntax | order ordering |
| Context | directory |
The order directive, along with the allow and deny directives, controls a three-pass access control system. The first pass processes either all allow or all deny directives, as specified by the order directive. The second pass parses the rest of the directives (deny or allow). The third pass applies to all requests which do not match either of the first two.
Note that all allow and deny directives are processed, unlike a typical firewall, where only the first match is used. The last match is effective (also unlike a typical firewall). Additionally, the order in which lines appear in the configuration files is not significant -- all allow lines are processed as one group, all deny lines are considered as another, and the default state is considered by itself.
ordering is one of:
- allow,deny
- First, all allow directives are evaluated; at least one must match, or the request is rejected. Next, all deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an allow or a deny directive are denied by default.
- deny,allow
- First, all deny directives are evaluated; if any match, the request is denied unless it also matches an allow directive. Any requests which do not match any allow or deny directives are permitted.
Keywords may only be separated by a comma; no whitespace is allowed between them.
The default order for <directory /> is Deny,Allow.
virtual
| Description | Specifies a virtual path for a directory. |
| Syntax | virtual directory-path |
| Context | directory |
virtual allows for the serving of static data from outside the content root directory. directory-path specifies a directory on the filesystem from which all content that matches this directory pattern will be served. Note that Directory directives that contain virtuals may not contain wildcards within their pattern.
Virtual directories can only be used for serving static content. They may not be used as paths for executing commands or for loading scene data.