httpd-dev mailing list archives

From Stefan Fritsch
Subject Re: htaccess support
Date Mon, 27 Sep 2010 14:53:51 GMT
On Monday 27 September 2010, Graham Leggett wrote:
> .htaccess files are what they are, a way to configure the server
> at request time. For obvious reasons, with a server where the
> configuration is parsed on startup and then shared amongst all
> children processes using copy-on-write, any attempt at configuring
> the server at request time will be significantly slower by
> definition. Giving an unprivileged user the power to change the
> config of the server has security implications again by
> definition. But on the other hand, configuring at request time may
> be the only choice an admin has, and .htaccess is a very simple
> solution that fills that bill.

.htaccess allows two things:
1) configure the server at request time
2) allow an unprivileged user the power to change the configuration (and 
the admin can limit what the user can change with the various 
AllowOverride options)

It may be a good idea to provide a solution for 2) which does not 
require the performance penalty from 1). For example,

IncludeRestricted AuthConfig,FileInfo /home/user/httpd.conf 

which would pose the same limitations on the directives allowed in 
/home/user/httpd.conf as on .htaccess. If such an IncludeRestricted was 
included in a <VirtualHost> section, it should only affect that single 
virtual host.

I don't know if this would actually be useful. Maybe it would also 
need a periodic stat()/reload of the config file.
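
The restriction proposed in the message above, sketched as an added example that is not part of the original message and is not httpd code: a load-time check that a user-owned file contains only directives from the granted override classes. The function name `check_restricted`, the abbreviated directive map and the sample file contents are assumptions made for illustration.

```python
import re

# Abbreviated, illustrative subset of httpd's directive -> override-class
# mapping (an assumption of this sketch); unlisted directives are denied.
OVERRIDE_CLASS = {
    "AuthType": "AuthConfig", "AuthUserFile": "AuthConfig", "Require": "AuthConfig",
    "ErrorDocument": "FileInfo", "AddType": "FileInfo", "RewriteRule": "FileInfo",
    "Options": "Options", "DirectoryIndex": "Indexes", "Order": "Limit",
}
BY_LOWER = {k.lower(): v for k, v in OVERRIDE_CLASS.items()}  # names are case-insensitive
# Sections that a .htaccess file may not contain.
FORBIDDEN = {"virtualhost", "directory", "directorymatch", "location", "locationmatch"}

def check_restricted(text, allowed):
    """Return (line_no, name, reason) for each directive outside `allowed`."""
    allowed = {a.lower() for a in allowed}
    violations, pending, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not pending: start = no
        if raw.rstrip().endswith("\\"):  # backslash continues the directive
            pending += raw.rstrip()[:-1] + " "
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line.startswith("#"): continue
        section = re.match(r"<\s*(/?)(\w+)", line)
        if section:
            if not section.group(1) and section.group(2).lower() in FORBIDDEN:
                violations.append((start, section.group(2), "section not permitted"))
            continue
        name = line.split(None, 1)[0]
        cls = BY_LOWER.get(name.lower())
        if cls is None:
            violations.append((start, name, "not overridable, denied by default"))
        elif cls.lower() not in allowed:
            violations.append((start, name, f"requires AllowOverride {cls}"))
    return violations

# Constructed sample standing in for /home/user/httpd.conf.
SAMPLE = """\
AuthType Basic
ErrorDocument 404 /missing.html
Options +ExecCGI
LoadModule example_module /home/user/mod_example.so
<VirtualHost *:80>
DirectoryIndex index.php
</VirtualHost>
"""

if __name__ == "__main__":
    print(check_restricted(SAMPLE, {"AuthConfig", "FileInfo"}))
```

Running the check once when the file is loaded, instead of on every request, is what separates the delegation in 2) from the per-request cost in 1).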
