What is the Purpose of Apache DocumentRoot?
The DocumentRoot directive in Apache is a foundational
configuration setting that defines the main directory where the web
server looks for files to serve on the internet. When a visitor requests
a URL from a website, Apache maps that request to the file path
specified by the DocumentRoot. Understanding how this
directive works, how to configure it properly, and how to manage its
associated security permissions is essential for hosting any website or
web application on an Apache HTTP server.
Understanding How DocumentRoot Works
At its core, DocumentRoot acts as a bridge between the
URL requested by a user and the actual file system of the server. It
sets the “root” or starting point of your website’s public file
structure.
For example, if your configuration sets the directive as:
DocumentRoot "/var/www/html"When a user visits https://example.com/index.html, the
Apache server will look for the file located at
/var/www/html/index.html on the server’s hard drive. If a
user requests https://example.com/images/logo.png, Apache
searches for /var/www/html/images/logo.png. The user never
sees the real absolute path on your server; they only see the paths
relative to the DocumentRoot.
Default Locations Across Operating Systems
Depending on the operating system and Linux distribution you use, the
default location for the DocumentRoot will vary.
| Operating System / Distribution | Default DocumentRoot Path |
|---|---|
| Ubuntu / Debian (Apache2) | /var/www/html |
| CentOS / RHEL / Fedora (httpd) | /var/www/html |
| macOS (Built-in Apache) | /Library/WebServer/Documents |
| Windows (XAMPP Installation) | C:/xampp/htdocs |
Configuring DocumentRoot in Virtual Hosts
While a global DocumentRoot can be set in the main
Apache configuration file (like httpd.conf or
apache2.conf), it is most frequently utilized inside
Virtual Host blocks. Virtual Hosts allow a single
Apache server to host multiple distinct websites, each with its own
independent DocumentRoot.
Below is an example of how the directive is applied within a Virtual Host configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/var/www/example.com/public_html"
<Directory "/var/www/example.com/public_html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>Critical Security and Permission Considerations
Configuring the DocumentRoot requires careful attention
to security. If permissions are set incorrectly, you risk exposing
sensitive system files to the public.
- The Directory Block: Every
DocumentRootshould be paired with a corresponding<Directory>block, as shown in the example above. This block explicitly defines the access permissions for that specific folder. TheRequire all granteddirective tells Apache that it is safe to serve files from this location to the public. - Trailing Slashes: When defining the path in the
DocumentRootdirective, you should not include a trailing slash. Writing/var/www/html/instead of/var/www/htmlcan sometimes lead to configuration errors or unexpected behavior in URL rewriting. - Symlinks and Access Control: Ensure that the web
server user (typically
www-dataon Debian/Ubuntu orapacheon RHEL/CentOS) has read access to theDocumentRootfolder and execute access to all parent directories in the path. Without these permissions, visitors will encounter a403 Forbiddenerror.