[development] no .htaccess perms 500 kills drupal.
morbus at disobey.com
Thu Jun 8 11:58:12 UTC 2006
> Today I ran into another server that did not allow .htaccess. If it finds
> one, it dies with a 500 (I beleive this is non standard, but it might be
> used in more places, I saw it twice). A person asked for my help because
That is not correct. If the server did not allow an .htaccess file, it
would *ignore* them. In your case, the server *is* allowing an .htaccess
file of some kind, only the directives that Drupal ships with are
unallowed for the user, and thus it gives a 500. If you check your
Apache error log, you'll get the exact reasoning.
However, you may be running up against:
> We should not make .htaccess files from with Drupal, not on upgrades
> and not after installation. Or at least not in this particular situation.
> It locks people out, without a hint whats happening
Again, not entirely accurate. The only .htaccess we create in Drupal is
in the user's configured "files" directory. The only time the 500 error
would occur is if someone *directly* accessed a URL under the files/
directory. If you're seeing otherwise, then you've got a really weird
server, and we can't cater to it without negatively impacting commons.
> recently. We now rely on this file, inside the files dir, for security,
> meaning if you remove that file, you might be less secured. We must at
> least document this.
Removing the file is irrelevant - you remove it and Drupal will recreate
it during the next file upload. You'd have to zero-byte it instead.
Morbus Iff ( and think about the bad things that I didn't do )
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
More information about the development