Why can't I disable .htaccess in Apache?

Question

This is the opposite problem from most about which I have read. I am running Ubuntu 8.04 on an Amazon instance with Apache 2.2.8 and I can't figure out why setting AllowOverride to None for root doesn't stop my .htaccess file from being included.

I have a sub-directory with hello.py in it and an .htaccess file. When I browse to the file, it works fine with modpython serving the file. If I put some garbage in .htaccess I get a server error, so I know the .htaccess file is being used. Also if I delete the .htaccess file, hello.py is no longer server by modpython - instead the browser tries to open it.

In one of my sites-available (linked in sites-enabled), I have "AllowOverride None" for the root directory. I thought that this would prevent .htaccess from being included from root and all its sub-directories which should cause hello.py to not be served by mod_python. However, it continues to be served fine and I can test that .htaccess is still being included because when I modify it, I see the results in my browser.

Maybe there is something I am not understanding about my file in sites-enabled. This is the file I am using:

NameVirtualHost *:8080 
<VirtualHost *:8080>
<Directory />
AllowOverride None
</Directory>
</VirtualHost>

Thanks for any help.

Answer 1

AllowOverride is only allowed in <Directory>-sections, so you've done everything right.

One problem you could have is that other (sub-)<Directory>-sections set AllowOverride to something different than None. That will override the setting for these subdirectories. I use

<Directory />
 Options FollowSymLinks
 AllowOverride None
</Directory>
<Directory /var/www/>
 Options Indexes FollowSymLinks MultiViews
 AllowOverride AuthConfig 
 Order allow,deny
 allow from all
</Directory>

and in /var/www (my docroot) I can use .htaccesses.

The reason why mod_python does not work anymore if you delete your .htaccess is that mod_python setup is usually in .htaccess files.

If you need more information, please send us your configuration.

PS: In fact the docuementation linked above says that you should never set AllowOverride to something not None in <Directory />.

Answer 2

The reason the file is not served via mod_python when you delete .htaccess is because the setup for mod_python is located in it. If you move that stuff to your sites-available file, you can delete .htaccess, turn a blind eye to the problem, and call it a day.

If that doesn't satisfy you, then as to why .htacess is being read at all, I can't say. You are correct that AllowOverride None should prevent the file from ever being read. Have you considered the possibility that you screwed something up when adding the virtual site? Try throwing some garbage into the config and see if it complains, just to be sure it's being read at all.