Look up Apache httpd directives without the manual
Apache HTTP Server is configured by directives, and each one has rules about
where it may appear and whether a .htaccess file can use it. This reference
lets you search directives by name, module or description and filter by status,
showing the valid context, the AllowOverride class, the syntax and the
providing module. It runs entirely in your browser.
How Apache processes configuration
Directives are evaluated in the order they appear, with scope narrowing as Apache walks from the main config down through <VirtualHost>, <Directory>, and finally .htaccess. A directive set in a broader scope can be overridden in a narrower one — but only if the narrower scope has permission. The AllowOverride setting in the parent <Directory> block controls which directive classes .htaccess can touch.
The four main processing contexts:
| Context | Where used |
|---|---|
server config | Outside any <VirtualHost> or <Directory> |
virtual host | Inside <VirtualHost> block |
directory | Inside <Directory>, <Files>, <Location> |
.htaccess | Per-directory, only if AllowOverride permits |
Common directives and their modules
mod_rewrite — URL rewriting. Requires RewriteEngine On before any rules. RewriteCond tests a condition; RewriteRule transforms the matched path.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
mod_headers — Set, append, or unset HTTP response headers.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set X-Content-Type-Options "nosniff"
mod_authz_core — Access control (Apache 2.4+). Replaces the old Order/Allow/Deny from mod_access_compat.
Require all granted # open to everyone
Require ip 10.0.0.0/8 # restrict to a subnet
Require valid-user # must authenticate
mod_proxy + mod_proxy_http — Reverse proxy to a backend.
ProxyPass "/api/" "http://127.0.0.1:3000/"
ProxyPassReverse "/api/" "http://127.0.0.1:3000/"
Tips for safe config changes
- Always run
apachectl configtest(orhttpd -t) before reloading. A syntax error with a live reload takes the server down. - Apply with
apachectl gracefulto reload configuration without dropping existing connections. - Prefer main config over
.htaccesswhen you control the server —.htaccessis read on every request and cannot be cached. - The AllowOverride class must match. Rewrites need
AllowOverride FileInfo; auth directives needAllowOverride AuthConfig.AllowOverride None(the default) silently ignores the entire.htaccessfile.