Do you have a question? Post it now! No Registration Necessary. Now with pictures!
May 23, 2005, 11:40 pm
rate this thread
Seams like a stupid question, but did you turn on the line in your
httpd.conf which tells the system to look at .htaccess files & set your
allow override in the <directory></directory> option as well. I noticed
that in most default installations of apache under various distros,
these are both turned off.
For example, I use .htaccess files, so I have setup this:
Options Indexes FollowSymLinks
Allow from all
And I turned on this:
<Files ~ "^\.ht">
Deny from all
Ok here is what this whole mess means:
The `AllowOverride All` line in the <Directory></Directory> section allows
.htaccess file's contents to override/augment the default settings for
that folder given in <Directory> & all of its sub-folders.
The `AccessFileName .htaccess` line states for apache to look at files
called .htaccess to figure out what all the password stuff is & what
settings to override, if necessary.
Lastly, the <Files></Files> section prevents someone from reading the
.htaccess files from their web browser, after once login to that
section of your site, if they try to access it directly in a URL.
If you use these 3 settings it should allow .htaccess files to correctly
process. This of course assumes you have the correct settings in your
.htaccess files to begin with.
I hope this helps...
- » [OSFP] a solution against 'xprobe2' and 'nmap -O' ??
- — Previous thread in » Linux Security
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security