You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Vicki Brown <vl...@cfcl.com> on 2005/01/25 04:14:16 UTC
[users@httpd] .htaccess: Options not allowed here
I am installing a guestbook program (http://guestbook.bigwebmaster.com/). As
distributed, it wants to put its CGI and static files in the same directory
and use a .htaccess file to run the cgi scripts outside of the standard CGI
bin.
Alternatively, the FAQ gives directions for how to reorganize the files so as
to put the CGIs in cgi-bin and the static files (i.e. images) in the htdocs
tree. I agree with anyone who is about to recommend that this is the better
approach :-)
However, I am curious about what I would need to do to make the .htaccess
file work at all. The .htaccess file contains the following two lines:
Options +ExecCGI +FollowSymLinks
AddHandler cgi-script .cgi
As it stands now, if I try to use the .htaccess file, I get an error in the
httpd-error.log:
.htaccess: Options not allowed here
I assume this means our security is set as we want it to be; we don't want
random users running random CGIs just by plunking in a .htaccess file! :)
But as I said, I'm curious.
What would I need to change in my httpd.conf file that would allow this
.htaccess file to override my global configuration and permit CGI script use
in the given directory?
And... could I narrow that down to allow the .htaccess override in a limited
area?
Just in case I ever need to know...
--
Vicki Brown ZZZ Journeyman Sourceror:
SF Bay Area, CA zz |\ _,,,---,,_ Scripts & Philtres
http://www.cfcl.com zz /,`.-'`' -. ;-;;,_Code, Doc, Process, QA
http://cfcl.com/vlb |,4- ) )-,_. ,\ ( `'-'Perl, Unix, Mac OS X, WWW
____________________ '---''(_/--' `-'\_) ___________________________
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess: Options not allowed here
Posted by Garth Winter Webb <ga...@perijove.com>.
On Mon, 2005-01-24 at 19:14, Vicki Brown wrote:
> I am installing a guestbook program (http://guestbook.bigwebmaster.com/). As
> distributed, it wants to put its CGI and static files in the same directory
> and use a .htaccess file to run the cgi scripts outside of the standard CGI
> bin.
>
> Alternatively, the FAQ gives directions for how to reorganize the files so as
> to put the CGIs in cgi-bin and the static files (i.e. images) in the htdocs
> tree. I agree with anyone who is about to recommend that this is the better
> approach :-)
>
> However, I am curious about what I would need to do to make the .htaccess
> file work at all. The .htaccess file contains the following two lines:
> Options +ExecCGI +FollowSymLinks
> AddHandler cgi-script .cgi
>
> As it stands now, if I try to use the .htaccess file, I get an error in the
> httpd-error.log:
>
> .htaccess: Options not allowed here
>
> I assume this means our security is set as we want it to be; we don't want
> random users running random CGIs just by plunking in a .htaccess file! :)
If you have random users running around your system I'd say that
Apache's handling of .htaccess files is the least of your troubles!
Allowing the use of .htaccess files gives your users some amount of
flexibility while still giving you the last word. Hosting providers
frequently allow open use of .htaccess files so their users install
whatever they want without forcing them to adhere to their idea of the
'right' directory layout.
> But as I said, I'm curious.
>
> What would I need to change in my httpd.conf file that would allow this
> .htaccess file to override my global configuration and permit CGI script use
> in the given directory?
You need to read:
http://httpd.apache.org/docs/mod/core.html#allowoverride
> And... could I narrow that down to allow the .htaccess override in a limited
> area?
You probably want:
http://httpd.apache.org/docs/mod/core.html#directory
or
http://httpd.apache.org/docs/mod/core.html#location
> Just in case I ever need to know...
--
Garth Winter Webb <ga...@perijove.com>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org