201

I want to set the AllowOverride all But I don't know how to do it. I have found the following code by searching the google and pasted it in .htaccess:

<Directory>
        AllowOverride All
</Directory>

But after pasting it I started receiving "Internal Server Error"

Can anyone guide me where to put this code or how to do it?

the
  • 21,007
  • 11
  • 68
  • 101
Munib
  • 3,533
  • 9
  • 29
  • 37

11 Answers11

391

In case you are on Ubuntu, edit the file /etc/apache2/apache2.conf (here we have an example of /var/www):

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

and change it to;

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

then,

sudo service apache2 restart

You may need to also do sudo a2enmod rewrite to enable module rewrite.

Isaac
  • 11,409
  • 5
  • 33
  • 45
Naveed
  • 3,959
  • 1
  • 11
  • 3
  • 73
    I also needed to use ```sudo a2enmod rewrite```, then it worked. On Ubuntu 14.04 LTS. Hope it will be useful to some one. – Jonauz Jun 20 '14 at 01:26
  • 2
    Strange...when I do this I get the internal server error. Does this indicate an error in the .htaccess file located at /var/www/.htaccess? Turning the apache2,conf back to AllowOverride None fixes the error but doesn't allow URL rewrites. – o_O Jun 20 '14 at 03:16
  • In Ubuntu 12.04. I found this file at /etc/apache2/sites-available/default path – عثمان غني Jan 07 '15 at 04:27
  • How can I override this from a separate file? I can see that there is an `IncludeOptional conf-enabled/*.conf` at the last line of my `apache2.conf` file. But it seems that `apache2.conf` is prioritised instead. – JohnnyQ Jan 29 '15 at 10:37
  • This do the magic for me. After updating my company debian server from wheezy to jessie, everything in apache stopped working and after adding this, everything started working again. – periket2000 Jun 18 '15 at 20:23
  • perfectly working .. if you dont have permission then you can edit this file through SSh – Lovely Arora Sep 18 '15 at 10:52
  • I had this problem on some of my wordpress websites. I was surprised that no one has mentioned this on the wordpress forum. I can't upvote enough for this. – Andrew Liu Jul 05 '16 at 01:54
  • `Require all granted` gave me errors, think it's not necessary. – Vahid Amiri Jul 27 '17 at 10:43
  • The last step to configure my Angular app. Thank you – David Jesus May 27 '20 at 15:47
  • This seems to be pretty much a requirement for Wordpress sites. Thank you! – csalmeida Sep 28 '20 at 09:10
  • in Debian 10, WSL2, the service restart was enough. – Timo Oct 21 '20 at 10:46
  • Jonauz comment is important guys! Activate the rewrite module. I fell for the trap once – clockw0rk May 24 '23 at 15:02
71

The main goal of AllowOverride is for the manager of main configuration files of apache (the one found in /etc/apache2/ mainly) to decide which part of the configuration may be dynamically altered on a per-path basis by applications.

If you are not the administrator of the server, you depend on the AllowOverride Level that theses admins allows for you. So that they can prevent you to alter some important security settings;

If you are the master apache configuration manager you should always use AllowOverride None and transfer all google_based example you find, based on .htaccess files to Directory sections on the main configuration files. As a .htaccess content for a .htaccess file in /my/path/to/a/directory is the same as a <Directory /my/path/to/a/directory> instruction, except that the .htaccess dynamic per-HTTP-request configuration alteration is something slowing down your web server. Always prefer a static configuration without .htaccess checks (and you will also avoid security attacks by .htaccess alterations).

By the way in your example you use <Directory> and this will always be wrong, Directory instructions are always containing a path, like <Directory /> or <Directory C:> or <Directory /my/path/to/a/directory>. And of course this cannot be put in a .htaccess as a .htaccess is like a Directory instruction but in a file present in this directory. Of course you cannot alter AllowOverride in a .htaccess as this instruction is managing the security level of .htaccess files.

regilero
  • 29,806
  • 6
  • 60
  • 99
21

Goto your_severpath/apache_ver/conf/ Open the file httpd.conf in Notepad.

Find this line:

#LoadModule vhost_alias_module modules/mod_vhost_alias.so

Remove the hash symbol:

LoadModule vhost_alias_module modules/mod_vhost_alias.so

Then goto <Directory />

and change to:

<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

Then restart your local server.

Glorfindel
  • 21,988
  • 13
  • 81
  • 109
Achintya Nayak
  • 211
  • 2
  • 2
  • Job DONE! Ty Sir! – James Walker Jan 15 '18 at 19:00
  • 8
    N.B. `Order allow,deny` and `Allow from all` are for Apache **2.2** and earlier. With Apache 2.4, those two lines are replaced by **`Require all granted`** as shown in other answers. – FKEinternet Mar 17 '18 at 21:27
  • The answer by regilero above gives compelling reasons, both efficiency and security, for using `AllowOverride None` and moving everything out of `.htaccess` files and into the configuration files. – cazort Jul 31 '21 at 19:03
  • DocumentRoot "/var/www/XXXXXX" ServerName XXXXXX Options FollowSymLinks AllowOverride All Order allow,deny Allow from all this work with me .. thank you – aminbadri7 Jan 14 '23 at 17:55
13

If you are using Linux you may edit the code in the directory of 

/etc/httpd/conf/httpd.conf

now, here find the code line kinda like 

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride None
#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

Change the AllowOveride None to AllowOveride All

Now now you can set any kind of rule in your .httacess file inside your directories if any other operating system just try to find the file of httpd.conf and edit it.

Hasta Dhana
  • 4,699
  • 7
  • 17
  • 26
SAR
  • 1,765
  • 3
  • 18
  • 42
  • As of 2015Nov18 1539 PST, when I search Google for 'allowoverride', I see a box above the search results that shows this: `now here fine the code line kinda like # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. #Sep 11, 2013 apache - How to Set AllowOverride all - Stack Overflow stackoverflow.com/questions/18740419/how-to-set-allowoverride-all` – boot13 Nov 18 '15 at 23:40
13

On Linux, in order to relax access to the document root, you should edit the following file:

/etc/httpd/conf/httpd.conf

And depending on what directory level you want to relax access to, you have to change the directive

AllowOverride None

to

AllowOverride All

So, assuming you want to allow access to files on the /var/www/html directory, you should change the following lines from:

<Directory "/var/www/html">
 AllowOverride None
</Directory>

to

<Directory "/var/www/html">
 AllowOverride All
</Directory>
Javier La Banca
  • 329
  • 4
  • 6
  • 9
    and restart the server after – Daniel May 02 '15 at 15:58
  • After a hundred times of doublechecking my .htacces - this was the solution! Thank you very much. I thought, "all" is the default value of the apache configuration. – Matthias Kleine Aug 24 '15 at 10:24
  • Also, mentioning Linux in your answer is not good. Even though this is old, I just want to clarify that what you are saying is for Redhat based distros – Example person Mar 07 '20 at 16:34
9

enter code hereif you are using linux you have to edit the

`/etc/apache2/sites-available/000-default.conf`

under the Documentroot . add the following code

`<Directory /var/www/>
  AllowOverride all
  Require all granted
</Directory>`

then ,

`sudo service apache2 restart`

and you have to enable the apache mod rewrite

`sudo a2enmod rewrite`
Bijith Bk
  • 111
  • 1
  • 3
  • If you put all in one line, this generates "Job for apache2.service failed because the control process exited with error code" error when executing "service apache2 restart". Inserted in different lines generate the error "Internal Server Error" in the browser. This doesn't work on my installation. – Gustavo Rodríguez Aug 04 '20 at 10:20
  • 1
    The "Internal Server Error" mentioned in my previous comment was because of an invalid directive in the .htaccess "RewriteBase /var/www/html/" this looks ok to me, but after removing it, the errors are gone and my problem solved. – Gustavo Rodríguez Aug 04 '20 at 14:22
8

As other users explained here about the usage of allowoveride directive, which is used to give permission to .htaccess usage. one thing I want to point out that never use allowoverride all if other users have access to write .htaccess instead use allowoveride as to permit certain modules.

Such as AllowOverride AuthConfig mod_rewrite Instead of

AllowOverride All

Because module like mod_mime can render your server side files as plain text.

Abhishek Gurjar
  • 7,426
  • 10
  • 37
  • 45
  • 1
    THANK YOU!! This is exactly what I was searching for. I want to redirect windwalker.com.au to windwanderer.com.au and so I needed to allow this directive in a .htaccess file and NOTHING MORE. Always putting AllowOverride ALL significant'y reduces the security of my servers. – Jesse the Wind Wanderer Jul 20 '17 at 14:28
  • I get `Illegal override option mod_rewrite` when using `AllowOverride AuthConfig mod_rewrite`. Based on the docs, I don't see how it can be limited to allow a certain module. https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride – Anony Mous Sep 17 '21 at 17:25
6

I think you want to set it in your httpd.conf file instead of the .htaccess file.

I am not sure what OS you use, but this link for Ubuntu might give you some pointers on what to do.

https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles

Qben
  • 2,617
  • 2
  • 24
  • 36
1

I also meet this problem, and I found the solution as 2 step below: 1. In sites-enabled folder of apache2, you edit in Directory element by set "AllowOverride all" (should be "all" not "none") 2. In kohana project in www folder, rename "example.htaccess" to ".htaccess"

I did it on ubuntu. Hope that it will help you.

Quang Le
  • 41
  • 4
0

SuSE Linux Enterprise Server

Make sure you are editing the right file https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_apache2_configuration.html

httpd.conf

The main Apache server configuration file. Avoid changing this file. It primarily contains include statements and global settings. Overwrite global settings in the pertinent configuration files listed here. Change host-specific settings (such as document root) in your virtual host configuration.

In such case vhosts.d/*.conf must be edited

Community
  • 1
  • 1
escalator
  • 888
  • 9
  • 14
0

Plus those upvoted correct answers sometimes same error could be seen because of mismatched and different settings on SSL part of webserver configurations. (Obviously when not using .htaccess file).

Mojtaba Rezaeian
  • 8,268
  • 8
  • 31
  • 54