On 9/14/06, Markus Mayer <mymaillists@xxxxxx> wrote:
Hi all, I have some users on my server who insist on writing .htaccess files and defining proxies in them. This is something I don't like or want, they also run against our firewall which causes some security related messages to be generated. I have tried different restrictions with AllowOverride however all I did was kill off other important functionality. Is there some way I can restrict users so that when they define a proxy in a .htaccess file the server returns some kind of error to the user? In otherwords, when a user does something like RewriteRule ^something/(.*)$ http://someserver.com/something/$1 [L,P] I want an error message to be returned, something like the standard "Internal Server Error" message is perfectly ok.
You need to remove FileInfo from your AllowOverrides or remove mod_proxy or mod_rewrite from your loaded modules. There is no other way in apache. (The social solution is to do automated monitoring of .htaccess files with a script and kill accounts that misuse them.) Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|