httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Cardwell <>
Subject [users@httpd] Allow mod_rewrite in .htaccess without Set/AddHandler
Date Wed, 02 Sep 2009 10:28:28 GMT

My configuration has a single VirtualHost serving all of the websites. 
I'm using suphp so that cgi scripts are executed as the owner of the 
file. In my VirtualHost I do this:

AddHandler x-suphp-cgi .cgi .pl

I want to give people access to use mod_rewrite from .htaccess files, 
but in order to do that I need to add "AllowOverride FileInfo" to a 
<Directory>. However, if I do that, it also gives them access to use 
SetHandler/AddHandler in .htaccess. If they can use those directives, 
then they can override my suphp configuration and stick this in their 
.htaccess file:

AddHandler cgi-script .cgi .pl

That then makes their scripts run as the apache user, which is what I'm 
trying to avoid... Any ideas?

Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226)

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message