httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: Is "AllowOverride Options" dangerous?
Date Mon, 01 Jul 2002 14:00:09 GMT
>From: Rodent of Unusual Size [mailto:Ken.Coar@Golux.Com]
>Very odd, since I can't reproduce this and there's nothing in
>the code that would suggest this.  Are you sure you've got
>AllowOverride FileInfo enabled for the scope?  What happens if
>you put an 'AddType text/plain .foo' directly above the AddHandler
>in the .htaccess file?

Whoops - I think we're at crossed-purposes here! I do NOT have "AllowOverride FileInfo"...
I only have "AllowOverride Options".

The original poster was concerned that if he did "AllowOverride Options", he would inadvertently
allow users to execute CGIs by putting "AddHandler" into a .htaccess. I was commenting that
he needn't worry since AddHandler won't work in .htaccess in these circumstances and that
if he needed AddHandler in the main config, he could disable it in the users directory with
RemoveHandler. My comment about "despite what the documentation says" is erroneous - my mistake!
(I was misled by just looking at the "Context" for the directive which includes ".htaccess").
I failed to consider that it will work if AllowOverride is set appropriately.

My apologies for generating a wild-goose chase...


OWen Boyle.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message