[support] [Fwd: Re: Disappearing .htaccess File]

Steve Edwards killshot91 at comcast.net
Mon Jul 21 00:20:13 UTC 2008 

OK, but that doesn't necessarily mean that it won't be read if the AllowOverride directive is properly set for my directory, 
right?  It just means that it can't be viewed?

Steve

lists-drupal wrote:
> This means that apache won't *serve* .ht* files to anyone:
> 
>   # The following lines prevent .htaccess and .htpasswd files from
>   # being viewed by Web clients.
> 
> There are serious security reasons for this. [if i can find the file
> i can read it, and any/all of its potentially secret contents. can
> make for happy hacking.]
> 
> If you view your document root with something that doesn't use
> apache, e.g., direct filesystem viewing - e.g., from a shell, ftp,
> etc., you'll be able to see the file (assuming things are configured,
> or you give the appropriate commands to, view "dot" files on a unix
> filesystem).
> 
> I would only change or override that apache directive if I really
> knew what I was doing, and then only by putting appropriate security
> constraints on it (e.g., make it only visible from localhost or some
> other specific IPnumber that I have full control over).
> 
> 
>   - Rick
> 
> ------------ Original Message ------------
>> Date: Sunday, July 20, 2008 04:25:30 PM -0700
>> From: Steve Edwards <killshot91 at comcast.net>
>> To: support at drupal.org
>> Subject: [support] [Fwd: Re:  Disappearing .htaccess File]
>>
>> I found the files (/etc/httpd), so I'm looking in it.  Here's what
>> I noticed:
>>
>> # 
>> # AccessFileName: The name of the file to look for in each directory
>> # for additional configuration directives.  See also the
>> # AllowOverride directive.
>> # 
>> AccessFileName .htaccess
>>
>> # 
>> # The following lines prevent .htaccess and .htpasswd files from
>> # being viewed by Web clients.
>> # 
>> <Files ~ "^\.ht">
>>      Order allow,deny
>>      Deny from all
>> </Files>
>>
>> So it looks like .htaccess files are allowed, but they just can't
>> be seen even by things like FileZilla (the comments just say web 
>> clients).  Correct?
>>
>> However, the root for my site is /home/myname.  I'm assuming that
>> means that I have to add another directive for my directory like 
>> this:
>>
>> <Directory "/home/myname">
>>    AllowOverride All
>> </Directory>
>>
>>
>> Is that correct?
>>
>> Will I need to restart Apache after making these changes?
>>
>> Thanks.
>>
>> Steve
>>
> ------------ End Original Message ------------
> 
> 
>

More information about the support mailing list