What does the Override column mean?

It names the AllowOverride class (FileInfo, AuthConfig, Options, Indexes, Limit, All) that must be enabled for a directory before the directive may appear in a .htaccess file. If the class is off, the directive is ignored or causes a 500 error.

Where do I put a directive — main config or .htaccess?

Prefer the main server or virtualhost config for performance, since .htaccess is read on every request. Use .htaccess only when you cannot edit the main config, and only for directives whose Override class is enabled.

How do I test config changes safely?

Run apachectl configtest (or httpd -t) to validate syntax, then apply with apachectl graceful, which reloads without dropping active connections.

What replaced the old Order/Allow/Deny directives?

Apache 2.4 replaced mod_access_compat's Order, Allow and Deny with mod_authz_core's Require, such as Require all granted or Require ip 10.0.0.0/8. The old directives still work in compatibility mode but are deprecated.

What is the status flag?

It marks the directive's origin: Core ships in the base server, Base is a module compiled in by default, Extension is an optional module loaded with LoadModule, and MPM belongs to the multi-processing module.

Apache Directives Reference

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

Look up Apache httpd directives without the manual

Apache HTTP Server is configured by directives, and each one has rules about where it may appear and whether a .htaccess file can use it. This reference lets you search directives by name, module or description and filter by status, showing the valid context, the AllowOverride class, the syntax and the providing module. It runs entirely in your browser.

How it works

Each entry lists the directive, its module (e.g. mod_rewrite), the status flag, the syntax, the contexts it is valid in, and the AllowOverride class that lets it appear in .htaccess. Apache processes directives from the main config down through <VirtualHost>, <Directory> and .htaccess files. A directive only works inside .htaccess if its override class is enabled for that directory. A typical rewrite to force HTTPS looks like:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Validate changes with apachectl configtest and apply them with apachectl graceful.

Tips and examples

To allow .htaccess overrides for a directory, set AllowOverride FileInfo (for rewrites/headers) or AllowOverride All in the matching <Directory> block; the default None ignores .htaccess entirely.
Restrict access with Require ip 192.168.1.0/24 or open it with Require all granted — these are the 2.4 replacements for Allow/Deny.
Use Header always set Strict-Transport-Security "max-age=31536000" to send HSTS even on error responses.
ProxyPass "/api" "http://127.0.0.1:3000/" turns Apache into a reverse proxy when mod_proxy and mod_proxy_http are loaded.