[Mageia-sysadm] [854] add AllowOverride All to vhost

Michael scherer misc at zarb.org
Wed Jan 19 01:31:49 CET 2011


On Wed, Jan 19, 2011 at 12:03:47AM +0100, root at mageia.org wrote:
> Revision: 854
> Author:   dams
> Date:     2011-01-19 00:03:47 +0100 (Wed, 19 Jan 2011)
> Log Message:
> -----------
> add AllowOverride All to vhost

Can you explain again why you need this ?
I know this has something to do with url rewriting, but the exact detail
doesn't look clear.

Either the .htaccess is static and not to be changed, and so
it should be migrated to apache configfile ( so it
is versionned, etc ), and for better perfs.

Or you need to change it by the software (ie wordpress ), in which case
allowing a web software to change its own apache configuration seems
like a braindead idea :
- it is dangerous
- it mean the the server can write in its own root, which
is horrible from a security point of view.

I am pretty sure that no one want to have a highly visible web site like 
the blog to be hacked, and so
that would requires actually follow best practices, especially in the area
of securit.
And that include "no .htaccess, and no webroot writable directory  ( and anything denied but direct
file serving of fitered url in various subdirectory, if needed )"
-- 
Michael Scherer


More information about the Mageia-sysadm mailing list