httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: access.conf changes
Date Wed, 03 Jul 1996 05:30:24 GMT
On Tue, 2 Jul 1996, Brian Behlendorf wrote:

> Here are the changes to access.conf to make it more secure, per
> suggestions by Roy.  I, too, found it extremely puzzling the more I dug
> into it.  For example, why would you have the "Indexes" option turned on
> for the cgi-bin directory?!?!  And why document the XBitHack directive in

Probably so you can set up an index file there. Makes sense to me.

> here, when there are lots of others not documented?  

Becuase at the time it was documented, there weren't a lot of others :)

> 2) Changed "AllowOverride All" to "AllowOverride None".

Is this a good idea? Hmm. I'm not sure. See below, at any rate.

> 3) Move the section on /cgi-bin/ to the bottom, give it "Options None" and
>    "AllowOverride None".

Sounds okay to me.


>   # This controls which options the .htaccess files in directories can
>   # override. Can also be "None", or any combination of "Options", "FileInfo", 
>   # "AuthConfig", and "Limit"
> ! AllowOverride None

If you change the All to None, you then need to change the None to All
in the comment.

Alexei Kosut <>      The Apache HTTP Server

View raw message