Re: [support] [Fwd: Re: Disappearing .htaccess File] - support

21 Jul 2008


      OK, but that doesn't necessarily mean that it won't be read if the AllowOverride directive is properly set for my directory, 
right?  It just means that it can't be viewed?
Steve
lists-drupal wrote:
...
This means that apache won't *serve* .ht* files to anyone:
# The following lines prevent .htaccess and .htpasswd files from
  # being viewed by Web clients.
There are serious security reasons for this. [if i can find the file
i can read it, and any/all of its potentially secret contents. can
make for happy hacking.]
If you view your document root with something that doesn't use
apache, e.g., direct filesystem viewing - e.g., from a shell, ftp,
etc., you'll be able to see the file (assuming things are configured,
or you give the appropriate commands to, view "dot" files on a unix
filesystem).
I would only change or override that apache directive if I really
knew what I was doing, and then only by putting appropriate security
constraints on it (e.g., make it only visible from localhost or some
other specific IPnumber that I have full control over).

Rick

------------ Original Message ------------
...
Date: Sunday, July 20, 2008 04:25:30 PM -0700
From: Steve Edwards killshot91@comcast.net
To: support@drupal.org
Subject: [support] [Fwd: Re:  Disappearing .htaccess File]
I found the files (/etc/httpd), so I'm looking in it.  Here's what
I noticed:
# 
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the
# AllowOverride directive.
# 
AccessFileName .htaccess
# 
# The following lines prevent .htaccess and .htpasswd files from
# being viewed by Web clients.
# 
<Files ~ "^.ht">
     Order allow,deny
     Deny from all
</Files>
So it looks like .htaccess files are allowed, but they just can't
be seen even by things like FileZilla (the comments just say web 
clients).  Correct?
However, the root for my site is /home/myname.  I'm assuming that
means that I have to add another directive for my directory like 
this:
<Directory "/home/myname">
   AllowOverride All
</Directory>
Is that correct?
Will I need to restart Apache after making these changes?
Thanks.
Steve
------------ End Original Message ------------