Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Len on October 20, 2001, 06:33:06 AM

Title: Why are .htaccess files disabled?
Post by: Len on October 20, 2001, 06:33:06 AM: Hi there.

I've recently found out the E-smith disables .htaccess site protection features in Apache. I saw elsewhere on this board that there was a security reason for it.

My question is, what is the security risk? I'm using an E-smith box as a simple home server, so I'm curious to know if it's a risk that I can live with.

Thanks a bunch.

Len
Title: Re: Why are .htaccess files disabled?
Post by: John McGreyr on October 20, 2001, 09:29:49 PM: Sure. You have to modify the httpd.conf file. Specifically, the line dealing with AuthConfig.

This category is intended to be used to control directives that have to do with Web page security, such as the AuthName, Satisfy, and Require directives. This is the most common category to allow to be overridden, as it allows users to protect their own documents.

All
This is a shorthand way of listing all of the categories; the two statements below are equivalent:
AllowOverride AuthConfig FileInfo Indexes Limits Options
AllowOverride All

See http://apache-server.com/tutorials/ATusing-htaccess.html

That will do it. It's not a good idea to "AllowOverride All".

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy | Terms and Policies