httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Nunnelley <>
Subject Re: [users@httpd] Hardening Apache against attacks
Date Tue, 26 Oct 2010 22:15:42 GMT
> Why .htaccess? Security tip #1 should be 'disable .htaccess'. Performance
> tip #1 too.

I'm not running a vhost clients can control. I'm running a vhost for
production sites my dev team manages, and I don't always want my dev
team restarting Apache to make changes. Also, .htaccess is in version
control (along with all other important app and config files). Aside
from the chance your users will modify .htaccess, why would you
disallow .htaccess? I assume disallowing overrides allows you to set
permissions and behavior in stone. But, it sure makes for a nice tool
to handle redirect changes, new file type restrictions, etc.


Jason N

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message