httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@decus.org (Rodent of Unusual Size)
Subject Re: including no-access to .htaccess in .conf-dist
Date Thu, 10 Apr 1997 09:58:54 GMT
>From the fingers of Dean Gaudet flowed the following:
>
>On Wed, 9 Apr 1997, Rodent of Unusual Size wrote:
>>     However, a configuration directive saying "don't allow access to
>>     *any* AccessFiles here or below", which controls the [non]invocation
>>     of the check you suggest, would be a win (IMUO).  But that's for
>>     later..
>
>You mean like:
>
><Directory /here/there/and/somewhere/else>
>    AllowOverride All
>    <Files ~ "\.htaccess$">
>	order deny,allow
>	deny from all
>    </Files>
></Directory>

    Actually, no.  Maybe I haven't thought this through very well, but I
    was thinking more along the lines of

     CanServeConfigFiles {on|off}

    I expanded the concept, to myself as I was falling asleep [in bed,
    fortunately ;-], to include other config files.  As a side effect,
    this could address the issue of someone being able to stick a
    "SetHandler server-info" in an .htaccess file.

    Just a random thought, no doubt the result of synaptic activity
    triggered by last night's Solar flare whizzing through the
    bubble-chamber atop my shoulders.. <g>

    #ken    :-)}

Mime
View raw message