Re: [users@httpd] using mod_rewrite to get around unknown directive in .htaccess

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/31/06, Joshua Slive <joshua@xxxxxxxx> wrote:
> On 1/31/06, Jason Keltz <jas@xxxxxxxxxxx> wrote:
> > On Tue, 31 Jan 2006, Joshua Slive wrote:
>
> > > Use httpd.conf to turn off .htacess processing (AllowOverride) in the
> > > relevant directory inside the <VirtualHost> section for the non-ssl
> > > host.
> >
> > Hi Joshua,
> >
> > Unfortunately, this won't do it since multiple users can use the
> > directives on the https server in any directory.  Is there no
> > "IgnoreErrors" directive in .htaccess?  What I really don't get is that if
> > I redefine the error message in the top-level .htaccess, that does indeed
> > get read which shows that the server reads the top-level .htaccess before
> > reading the bottom-level one.  How come an Error code web page
> > redefinition works, but a  mod_rewrite rule does not..
>
> It does work.  It is just that apache must ALSO read the .htaccess
> file in the subdirectory, since it may have additional RewriteRules
> (or other directives) that will change the parent directory
> configuration.  And simply ignoring config-file syntax errors would be
> a security problem.  You could, of course, simply create a stub module
> that impliments the directive as a no-op.  That would be relatively
> easy.
>
> You haven't fully specified your problem, so it is difficult to
> suggest solutions.  The obvious one is to use
> AccessFileName .htaccess-secure .htaccess
> on the ssl site.  Then if anyone is using directives that work only on
> the ssl server, tell them to rename their .htaccess to
> .htaccess-secure.

Oh, and a third alternative is to use an
ErrorDocument 500 /cgi-bin/go-to-ssl.cgi
which could then issue the redirect without the client ever seeing the error.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux