Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 470D1200B86 for ; Sun, 18 Sep 2016 21:31:11 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 45933160AC3; Sun, 18 Sep 2016 19:31:11 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 82260160A8C for ; Sun, 18 Sep 2016 21:31:10 +0200 (CEST) Received: (qmail 13628 invoked by uid 500); 18 Sep 2016 19:31:09 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 13618 invoked by uid 99); 18 Sep 2016 19:31:09 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 18 Sep 2016 19:31:09 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 941FAC0115 for ; Sun, 18 Sep 2016 19:31:08 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.821 X-Spam-Level: X-Spam-Status: No, score=-0.821 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id cvzeBaKY5L_y for ; Sun, 18 Sep 2016 19:31:07 +0000 (UTC) Received: from mail-qt0-f175.google.com (mail-qt0-f175.google.com [209.85.216.175]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 13AAD5F24B for ; Sun, 18 Sep 2016 19:31:07 +0000 (UTC) Received: by mail-qt0-f175.google.com with SMTP id l91so63520761qte.3 for ; Sun, 18 Sep 2016 12:31:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=/s6i0058ChSzixlsVIYWz3nt9sNYAAgJaichWVTaDBE=; b=HOZqnikTCE7a6/cXQFYFQRe1IkLXUo9BhXF1wuQ/En9bnChzY3hTj8pRSHPLX01ncp +pZbvIjcob+jT8HlsKb4fPxIldGNE6o+YkHhR8U3WJlpjTweJaUMHsXRcLMilrt8N2yU cBVrPkTi6K46QS2MVtfOI45+nvfv2pMiTdtuBjHq587j1wwovuhnO8dKHq3NIeB6MSIf 3IkfmXZqymvnwqfh9Xmg0pJ7/iTTaWSoKUJfWFwSKJwWrxLW/Xxrzbh36JfB++tJMC/F FxJdOvCWDINtoGZ2OH52k7Q4LQyXxM9scD0Lle7cezWuemf3ZmxKLl3XS6EqrDZib6yG dGag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=/s6i0058ChSzixlsVIYWz3nt9sNYAAgJaichWVTaDBE=; b=k28f/TaV2ZxSOM4GKsW2Vv3AGyizc5JBhoVIWqScRgZbNUNH2x8562UCRXjmKBjwIL LlbSqPGjasQ7NgLUBm83jjj3yTiwS+TN7/B37xDI139tsNLt+gnqnm3t9/a93SEY9LMA x6Mw5Lr9UPPckTPLd+se5yntfeYmYZLBof5rO/NGjQ7U27DyUBvQMgYVvz/sLjXQ9xTZ yLZ7IUR+tCCbEn2o7d7DBKIAbVb68QDAVakbPSuzpfUawTZTt4U1XqdIEQqLhkJjyui1 ED1gR+l1BQhmuzDkuH1TrPrrKp9AbOe3Wi3vfRcH9Reg9884fNPu4oeB9/NuLsezrTD8 EAaw== X-Gm-Message-State: AE9vXwNJuBtq/Jt6IyAkp9TaA+SIMpppS7/n6ZmPTEb79hvCcBsWg5zigklAY0gQYQYs4NdHGW8bpUYTjjckZA== X-Received: by 10.237.45.39 with SMTP id h36mr16240394qtd.155.1474227060210; Sun, 18 Sep 2016 12:31:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.237.56.199 with HTTP; Sun, 18 Sep 2016 12:30:59 -0700 (PDT) In-Reply-To: <1474226753.3926.28.camel@vestfarms.com> References: <1474213947.3926.13.camel@vestfarms.com> <1474218673.3926.21.camel@vestfarms.com> <1474226753.3926.28.camel@vestfarms.com> From: Eric Covener Date: Sun, 18 Sep 2016 15:30:59 -0400 Message-ID: To: users@httpd.apache.org Content-Type: text/plain; charset=UTF-8 Subject: Re: [users@httpd] "Define" directive is ALWAYS parsed archived-at: Sun, 18 Sep 2016 19:31:11 -0000 On Sun, Sep 18, 2016 at 3:25 PM, Adam wrote: > Ah yes, the monkey wrench. So the reason why going that route isn't an > option is because this is being done in a shared environment, with .htaccess > enabled for users. In an environment like that, anyone can just drop > SetHandler server-info into any .htaccess they want and get all of that > (sometimes sensitive) info. Due to the nature of all this, it was looking > like the only way to truly limit who could gain access to that info would be > to only load the module itself under specific circumstances, which is what > led me to where I'm at now. That's just not possible, modules can only be loaded at startup. > > Is there a way I've not yet found that allows me to disable using SetHandler > in an .htaccess context (while still allowing other things), or to not allow > defining server-info there? You cannot really do it well. You can block all of FileInfo, or list what's overideable in AllowOverrideList but you can't use negation in that. There has been discussion in the past about moving some mods (like info and status) away from SetHandler configuration for this very reason but nothing was ever implemented. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org