You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Chris Johnson <jo...@nmr.mgh.harvard.edu> on 2005/08/09 15:27:29 UTC
[users@httpd] Redirect in .htaccess w/ FileInfo off.
Hi,
New problem. We wouldf very much love to allow users to use
Redirect in .htaccess but must disallow FileInfo to turn off things
like PHP. FileInfo is needed to allow Redirect.
Is there any way to either re-enable redirect specifically
without allowing FineInfo? I'm thinking no and it's a little
upsetting that Apache doesn't seem to have finer granularity here
unless I'm missing something. Oh, using 1.3 here, but 2.0 appears to
have the same problem.
Thank you kindly.
-------------------------------------------------------------------------------
Chris Johnson |Internet: johnson@nmr.mgh.harvard.edu
Systems Administrator |Web: http://www.nmr.mgh.harvard.edu/~johnson
NMR Center |Voice: 617.726.0949
Mass. General Hospital |FAX: 617.726.7422
149 (2301) 13th Street |"Reality is merely an illusion, albeit a very
Charlestown, MA., 02129 USA | persistant one." Albert Einstein
-------------------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirect in .htaccess w/ FileInfo off.
Posted by Joshua Slive <js...@gmail.com>.
On 8/9/05, Chris Johnson <jo...@nmr.mgh.harvard.edu> wrote:
> On Tue, 9 Aug 2005, Joshua Slive wrote:
> > 1. Allow FileInfo but use a "php_admin_flag engine off" or similar
> > setting to assure that php can't be used.
>
> Turns off php true, but there's also perl. Is there anything
> like this for mod_perl at all?
Almost certainly yes. I'm not a mod_perl expert, but "PerlOptions
-Enable" seems to do it. There's also
SetHandler default-handler
and
Options -ExecCGI
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirect in .htaccess w/ FileInfo off.
Posted by Chris Johnson <jo...@nmr.mgh.harvard.edu>.
On Tue, 9 Aug 2005, Joshua Slive wrote:
> On 8/9/05, Chris Johnson <jo...@nmr.mgh.harvard.edu> wrote:
> > Hi,
> >
> > New problem. We wouldf very much love to allow users to use
> > Redirect in .htaccess but must disallow FileInfo to turn off things
> > like PHP. FileInfo is needed to allow Redirect.
> >
> > Is there any way to either re-enable redirect specifically
> > without allowing FineInfo? I'm thinking no and it's a little
> > upsetting that Apache doesn't seem to have finer granularity here
> > unless I'm missing something. Oh, using 1.3 here, but 2.0 appears to
> > have the same problem.
>
> No, there is no direct way to do this. But there are plenty of other
> ways to accomplish the same goal. For example:
>
> 1. Allow FileInfo but use a "php_admin_flag engine off" or similar
> setting to assure that php can't be used.
Turns off php true, but there's also perl. Is there anything
like this for mod_perl at all?
>
> 2. Allow FileInfo but use other administrative measures to keep your
> users in line. (A rule with posted consequences for violations plus a
> simple cron job for enforcement should work fine.)
>
> Joshua.
>
Yeah. Problem there is that this is an after thie horse has
escaped deal. True I can do nasty things but only after my server is
trashed.
-------------------------------------------------------------------------------
Chris Johnson |Internet: johnson@nmr.mgh.harvard.edu
Systems Administrator |Web: http://www.nmr.mgh.harvard.edu/~johnson
NMR Center |Voice: 617.726.0949
Mass. General Hospital |FAX: 617.726.7422
149 (2301) 13th Street |"The two most abundant things in the Universe
Charlestown, MA., 02129 USA | are hydrogen and stupidity." Harlan Ellison
-------------------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirect in .htaccess w/ FileInfo off.
Posted by Joshua Slive <js...@gmail.com>.
On 8/9/05, Chris Johnson <jo...@nmr.mgh.harvard.edu> wrote:
> Hi,
>
> New problem. We wouldf very much love to allow users to use
> Redirect in .htaccess but must disallow FileInfo to turn off things
> like PHP. FileInfo is needed to allow Redirect.
>
> Is there any way to either re-enable redirect specifically
> without allowing FineInfo? I'm thinking no and it's a little
> upsetting that Apache doesn't seem to have finer granularity here
> unless I'm missing something. Oh, using 1.3 here, but 2.0 appears to
> have the same problem.
No, there is no direct way to do this. But there are plenty of other
ways to accomplish the same goal. For example:
1. Allow FileInfo but use a "php_admin_flag engine off" or similar
setting to assure that php can't be used.
2. Allow FileInfo but use other administrative measures to keep your
users in line. (A rule with posted consequences for violations plus a
simple cron job for enforcement should work fine.)
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org