I think this is the part of documentation your looking for: http://httpd.apache.org/docs/1.3/mod/core.html#allowoverride it show what you can specify to AllowOverride directive.
Obviously if you put "AllowOverride All" in your httpd.conf and your user cannot change some of these settings, so it'll be (obviously) a security worry, for example, if you have some Auth options, a normal user can override these directories settings. Hope helped, Celso. 2007/9/14, Jacob Yocom-Piatt <[EMAIL PROTECTED]>: > > have a few apache config settings that are needed in an .htaccess file, > such as SetEnvIf, RewriteEngine, RewriteBase and RewriteRule. by having > "AllowOverride All" for the Directory corresponding to where the > .htaccess file resides one can have these additional settings in the > .htaccess file and work properly. > > is there a more fine-grained way to allow config settings like mentioned > above in .htaccess files? would also be nice to know if having the > "AllowOverride All" for a given directory is much of a security worry. > > cheers, > jake > > --
