Is the Apache Directory directive supposed to be relative to the DocumentRoot or not?
The documentation is correct, and the <Directory>
directive should be the full path.
Your first example is how you should configure the directive for VirtualHosts, and applies the options within the directive to just the DocumentRoot
. Your second example is referring to the filesystem root (literally /
).
You haven't posted the rest of the directive, but this is typically used as a way of attempting to jail Apache and restrict its access, and is usually (but not always) placed inside the main apache2.conf
or httpd.conf
configuration files, with your VirtualHosts explicitly allowing access for their own DocumentRoot
directories, so the two are often used together.
From the Apache documentation:
Note that the default access for <Directory /> is to permit all access. This means that Apache httpd will serve any file mapped from an URL. It is recommended that you change this with a block such as:<Directory /> Require all denied </Directory>and then override this for directories you want accessible. See the Security Tips page for more details.