httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Garth Winter Webb <ga...@perijove.com>
Subject Re: [users@httpd] .htaccess: Options not allowed here
Date Tue, 25 Jan 2005 06:22:02 GMT
On Mon, 2005-01-24 at 19:14, Vicki Brown wrote:
> I am installing a guestbook program (http://guestbook.bigwebmaster.com/). As
> distributed, it wants to put its CGI and static files in the same directory
> and use  a .htaccess file to run the cgi scripts outside of the standard CGI
> bin.
> 
> Alternatively, the FAQ gives directions for how to reorganize the files so as
> to put the CGIs in cgi-bin and the static files (i.e. images) in the htdocs
> tree. I agree with anyone who is about to recommend that this is the better
> approach :-)
>
> However, I am curious about what I would need to do to make the .htaccess
> file work at all. The .htaccess file contains the following two lines:
>    Options +ExecCGI +FollowSymLinks
>    AddHandler cgi-script .cgi
> 
> As it stands now, if I try to use the .htaccess file, I get an error in the
> httpd-error.log:
> 
> 	.htaccess: Options not allowed here
> 
> I assume this means our security is set as we want it to be; we don't want
> random users running random CGIs just by plunking in a .htaccess file! :)

If you have random users running around your system I'd say that
Apache's handling of .htaccess files is the least of your troubles! 
Allowing the use of .htaccess files gives your users some amount of
flexibility while still giving you the last word.  Hosting providers
frequently allow open use of .htaccess files so their users install
whatever they want without forcing them to adhere to their idea of the
'right' directory layout.

> But as I said, I'm curious.
> 
> What would I need to change in my httpd.conf file that would allow this
> .htaccess file to override my global configuration and permit CGI script use
> in the given directory?

You need to read:

  http://httpd.apache.org/docs/mod/core.html#allowoverride

> And... could I narrow that down to allow the .htaccess override in a limited
> area?

You probably want:

  http://httpd.apache.org/docs/mod/core.html#directory

or

  http://httpd.apache.org/docs/mod/core.html#location

> Just in case I ever need to know...
-- 
Garth Winter Webb <garth@perijove.com>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message