Today I ran into another server that did not allow .htaccess. If it finds one, it dies with a 500 (I beleive this is non standard, but it might be used in more places, I saw it twice). A person asked for my help because
That is not correct. If the server did not allow an .htaccess file, it would *ignore* them. In your case, the server *is* allowing an .htaccess file of some kind, only the directives that Drupal ships with are unallowed for the user, and thus it gives a 500. If you check your Apache error log, you'll get the exact reasoning. However, you may be running up against: http://drupal.org/node/67244
We should not make .htaccess files from with Drupal, not on upgrades and not after installation. Or at least not in this particular situation. It locks people out, without a hint whats happening
Again, not entirely accurate. The only .htaccess we create in Drupal is in the user's configured "files" directory. The only time the 500 error would occur is if someone *directly* accessed a URL under the files/ directory. If you're seeing otherwise, then you've got a really weird server, and we can't cater to it without negatively impacting commons.
recently. We now rely on this file, inside the files dir, for security, meaning if you remove that file, you might be less secured. We must at least document this.
Removing the file is irrelevant - you remove it and Drupal will recreate it during the next file upload. You'd have to zero-byte it instead. -- Morbus Iff ( and think about the bad things that I didn't do ) Technical: http://www.oreillynet.com/pub/au/779 Culture: http://www.disobey.com/ and http://www.gamegrene.com/ icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus