The Apache documentation tells you how to order directives in the same scopes, but neglects to remind you about the way different scopes merge. So, as of 2.4, here's an overview of how it all works.
When the server first receives a URL, it searches for matching containers to determine the active configuration. The following containers are checked at this stage, highest priority first ("last to first" or "first to last" refers to the order that the sections or directives are listed in the configuration file):
- <If>, from last to first.
- <Location> and <LocationMatch>, last to first.
Once the server has a physical path, directives are applied, highest priority first:
- <Files> and <FilesMatch>, last to first.
- <DirectoryMatch> sections matching the directory, last to first.
- From most- to least-specific directory path (e.g. /foo/bar before /), regardless of order:
- Directives in .htaccess files, if allowed and present.
- <Directory> section. I suspect, but haven't verified, that multiple Directory sections on the same path (e.g. <Directory /foo></Directory> ... <Directory /foo></Directory>) will apply last to first.
The ordering of directives within sections, and what happens with duplicates (at multiple priority levels) in general, is defined by each individual module.
- RewriteRules execute first-to-last when the section containing them is processed. Stopping is subject to flags and things (mod_rewrite is a powerful beast): the [L] flag and any that imply it end processing of rewrite rules in that section; for example, rules in <VirtualHost> cannot stop rules in <Directory> from applying.
- ProxyPass and ProxyPassMatch rules execute first-to-last, stopping when any match is found. Thus the "longest match first" rule given in mod_proxy's documentation.
- Alias, AliasMatch, Redirect, and RedirectMatch rules execute first-to-last, stopping when any match is found. Likewise, this produces a "longest match first" rule that is given in the mod_alias documentation.
- Whether a URL is tried with other modules (like mod_proxy or mod_alias) after RewriteRules have taken effect depends on how the RewriteRule is written and where it is placed. I am not sure I understand the finer points of this, but the pass-through flag
[PT]exists to force mod_rewrite to treat it as a URL and let other modules have a chance to handle it.
One other quirk of laying out mod_proxy directives is that they're not actually valid within <Directory> or <Files> sections. mod_proxy itself deals only with the URL space, and if another module has decided on a file-system path, then Apache is implicitly serving the content directly, as origin server. It is then too late for pure URL-to-URL manipulations, which is the level that mod_proxy works at.
Post a Comment