httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Configuration access restriction to public_html.
Date Wed, 03 Aug 2005 15:47:07 GMT
On 8/3/05, Chris Johnson <johnson@nmr.mgh.harvard.edu> wrote:
>      We need to prevent users with URLs of the ~<user> variety from
> doing PHP or other things which execute arbirtary code.  But (there's
> always a but), at the same time we need to allow it for URLs not of
> that type, i.e. all other references.  There's the following snippet
> from httpd.conf which we modified a tad
>


>      So first question.  Is that first Limit section necessary?

Usually, no.  It depends on what you have in other sections of
httpd.conf that may deny access.

> 
>      Second question.  What is it aboruit that second section, i.e. the
> LimitExcept, that dissallows PHP?

Nothing.  That section does not disallow php; it disallows certain HTTP methods.

If you have php turned off by default, then the AllowOverride
directive should prevent .htaccess files from being used to turn it on
again.  But you may want to add something like

<Location /~>
php_flag engine off
</Location>

to be sure.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message