[users@httpd] How limit directives at htaccess file

[Pol Hallen <ap...@fuckaround.org>]

Hi all, I'm study apache and I don't understand some things about htaccess.

Reading, the advice is: never permit htaccess to users.

So, can I enable htaccess but only for personalize something like this?

ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/serverr.html

and obviously deny all other directives?

so an user with own htaccess file, can only personalize that directives.

Any idea?

Thanks for replies :-)

Pol


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How limit directives at htaccess file

[Ben Reser <be...@reser.org>]

On Tue, Aug 6, 2013 at 11:54 AM, Pol Hallen <ap...@fuckaround.org> wrote:
> Hi all, I'm study apache and I don't understand some things about htaccess.
>
> Reading, the advice is: never permit htaccess to users.
>
> So, can I enable htaccess but only for personalize something like this?
>
> ErrorDocument 400 /errors/badrequest.html
> ErrorDocument 401 /errors/authreqd.html
> ErrorDocument 403 /errors/forbid.html
> ErrorDocument 404 /errors/notfound.html
> ErrorDocument 500 /errors/serverr.html
>
> and obviously deny all other directives?
>
> so an user with own htaccess file, can only personalize that directives.

See AllowOverride:
http://httpd.apache.org/docs/current/mod/core.html#allowoverride

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How limit directives at htaccess file

[Nick Kew <ni...@webthing.com>]

On 7 Aug 2013, at 13:28, LuKreme wrote:

> .htaccess is required, for example, for a working wordpress install.

Rubbish.  htaccess is not required for anything.  Its purpose is to enable
limited aspects of server admin to be devolved to unprivileged and
untrusted users.

> I do not know that AllowOverride will give the level of control you seem to think you need over your users, but it does provide some.

Yep.  So the best advice is what Ben already posted.  Read TFM, and
either figure something out or refine the question.

-- 
Nick Kew
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: How limit directives at htaccess file

[LuKreme <kr...@kreme.com>]

On 06 Aug 2013, at 12:54 , Pol Hallen <ap...@fuckaround.org> wrote:

> Hi all, I'm study apache and I don't understand some things about htaccess.
> 
> Reading, the advice is: never permit htaccess to users.

That's terrible advice, or very outdated advice.

.htaccess is required, for example, for a working wordpress install. There is no reason, either, to not allow a user to change the Indexes setting. Disallowing them access to Limit means they can't password protect portions of their site.

> So, can I enable htaccess but only for personalize something like this?

You can restrict what is allowed in htaccess, yes.

> and obviously deny all other directives?

No obviously about it.

I do not know that AllowOverride will give the level of control you seem to think you need over your users, but it does provide some.

-- 
Hudd: 'I've just done this radio show where I never met any of the other
actors and I didn't understand what any of it was about' Moore: 'Ah, yes
I expect that's the thing I'm in.'


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org