Order/Required configuration that is suitable to distribute to users of both Apache 2.4 and earlier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



With the deprecation of Order, I face an issue with a .htaccess file, that, as part of a FOSS project, is being distributed to a large number of users; many of which, have little technical knowledge.

Currently, a Order directive protects a number of file endings that could be sensitive.

If one tries to use that on a host upgraded to 2.4 without access_compat, that will give a 500 error. While a 500 error is better than risking to expose sensitive files, it's not ideal, and will confuse many users.


I'm looking for a suitable configuration that would ideally work by default on the most common distributions (Debian/Ubuntu/RHEL/CentOS?), and handle both 2.4, and 2.2/0 configuration.

There's mod_version which was introduced in 2.4 that could be used to identify 2.4, but if that is disabled by default by a distribution, that would break.

Similarly, on Stackoverflow, it has been suggested to check for <IfModule mod_authz_core.c>,and do one things if it's available, and another otherwise. That also seems rather fragile though, and is not a contract to rely on.

Does anyone have suggestions for a method to solve this, that can be widely applied?

Kind regards, Claes

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux