httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Understanding OptionsBleed
Date Thu, 21 Sep 2017 08:54:53 GMT
On Wed, Sep 20, 2017 at 6:36 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
>
> Provided AllowOverride is None, and AllowOverrideList does not include
> "<Limit", the server should be protected, but I haven't played with
> this theory; https://httpd.apache.org/docs/2.4/mod/core.html#allowoverridelist

I tested this and indeed the server is protected.
This is IMHO the rigth way to control the content of .htaccess files
from httpd.conf (i.e. a white-list).

Mime
View raw message