You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/05/31 16:36:14 UTC

DO NOT REPLY [Bug 29310] New: - Allowing only some options in .htaccess

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29310>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29310

Allowing only some options in .htaccess

           Summary: Allowing only some options in .htaccess
           Product: Apache httpd-2.0
           Version: 2.0.49
          Platform: All
               URL: http://dev.cs.huji.ac.il/~alsbergt/hacks/httpd-2.0.49-
                    overrideopts.diff
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: alsbergt-apache@cs.huji.ac.il
                CC: alsbergt-apache@cs.huji.ac.il


In the URL noted is a patch I wrote to add an option "AllowOverrideOpts" to the
directory context, which will specify which options are allowed to be overriden
in .htaccess files (using AllowOverride you can only specify whether options may
be overridden).  That's useful for us, for example, since globally Indexes are
disabled, but if someone wishes to, he can enable Indexes for his web page (and
subdirectories) or whatever, while we don't want to let people change other options.

This patch might not be fully complete or up to the Apache conventions, but I
tried to write it as clean as possible given the time I have.  Please tell me if
there are problems with it.  In the patch there is also very short documentation
for this option.

I only tested, with version 2.0.49, on FreeBSD 4.9, that without that option the
default (previous) behaviour is still used (All), and that specifying it has the
desired effect of only allowing those options to be overridden.  Perhaps there
are other things to test with it.

I'd be glad to have this patch (or a variant of it) integrated, to save us from
further patching of new versions, and so it might be useful to others as well.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org