httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] anything really safe to use in .htaccess?
Date Wed, 05 Feb 2003 09:08:52 GMT
Things are not as haphazard as you think. The conditions under which
directives in a .htaccess file are applied are well-defined. Basically,
.htaccess overrides httpd.conf, assuming the directives are allowed by
"AllowOverride". You can't expect apache to ignore a directive if it
causes an error - that would mean you could put in a faulty directive,
apache would ignore it and you would think that the directive was

I can't see how your "Options +Indexes" would disable the site. What
changed in the config file?

Owen Boyle

>-----Original Message-----
>From: Dan Jacobson []
>Sent: Dienstag, 4. Februar 2003 23:28
>Subject: [users@httpd] anything really safe to use in .htaccess?
>What are some robust things an average website author can put in
>.htaccess on an average hosting company's machine, that won't cause
>one's site to go "500 belly up" when the administrator changes some
>config file?
>Case in point, my .htaccess was
>ErrorDocument 404 /messages/404.html
>Options +Indexes
>ExpiresActive On
>ExpiresByType image/jpeg A8888888
>ExpiresByType image/png A7777777
>until a week ago when the sysadmin changed some file so now my Options
>+Indexes line was causing the whole site to be unaccessible until
>discovered today. 
>Anyway, probably like anything in computer land, the "in crowd" knows
>which .htaccess items are more likely to weather the whims of whatever
>the sysadmin does than others... probably I will have to make my own
>indexes if I want them and also be safe from the Levis 500 Blues.  Any
>other unsafe lines in there? If I put an additional ErrorDocument 500
>will that work or is that not something the user can control?
>Can I say in there "if any errors are found in .htaccess, just stop
>reading it, dont stop serving"?
>Well, as you know I am not going to read any more .htaccess docs,
>because what i do in there has to mesh with what the sysadm does and i
>don't control or even get to see that.
>maybe i should just play it safe and not risk anymore weeklong outages
>by just removing .htaccess.
>Don't tell me that it depends on my sysadm. I know that (that's why
>I'm not mentioning the apache version number.)  . What I want to hear
>is "Dan, your ErrorDocument line will work on 99% of the hosts I know,
>whereas your ExpiresByType , while well intentioned, is just an
>accident waiting to happen if the sysadm doesn't remember to ...."
> Taiwan(04)25854780
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message