On 1/31/06, Jason Keltz <jas@xxxxxxxxxxx> wrote: > On Tue, 31 Jan 2006, Joshua Slive wrote: > > Use httpd.conf to turn off .htacess processing (AllowOverride) in the > > relevant directory inside the <VirtualHost> section for the non-ssl > > host. > > Hi Joshua, > > Unfortunately, this won't do it since multiple users can use the > directives on the https server in any directory. Is there no > "IgnoreErrors" directive in .htaccess? What I really don't get is that if > I redefine the error message in the top-level .htaccess, that does indeed > get read which shows that the server reads the top-level .htaccess before > reading the bottom-level one. How come an Error code web page > redefinition works, but a mod_rewrite rule does not.. It does work. It is just that apache must ALSO read the .htaccess file in the subdirectory, since it may have additional RewriteRules (or other directives) that will change the parent directory configuration. And simply ignoring config-file syntax errors would be a security problem. You could, of course, simply create a stub module that impliments the directive as a no-op. That would be relatively easy. You haven't fully specified your problem, so it is difficult to suggest solutions. The obvious one is to use AccessFileName .htaccess-secure .htaccess on the ssl site. Then if anyone is using directives that work only on the ssl server, tell them to rename their .htaccess to .htaccess-secure. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|