[Pmwiki-users] more thoughts on .htaccess
Neil Herber
nospam
Mon Dec 6 18:48:54 CST 2004
I have been reading the Apache 2.0 docs, which is probably a dangerous
thing ...
In the .htaccess tutorial:
http://httpd.apache.org/docs-2.0/howto/htaccess.html
they suggest that to improve performance, all the configuration done using
per-directory .htaccess files should be moved into the main httpd.conf
file. The .htaccess file in the PmWiki "local/" directory ignores this advice.
Perhaps a better solution (for those with access to httpd.conf) would be to
add these directives to httpd.conf:
## Prevent PmWiki scripts from being executed by a browser
<Directory /path/to/pmwiki/local/>
Order allow,deny
Deny from all
</Directory>
<Directory /path/to/pmwiki/cookbook/>
Order allow,deny
Deny from all
</Directory>
##
Please note that I am an Apache newbie and this could be wildly wrong. Can
someone confirm or correct please??
Should there be similar protection applied to the "uploads/" directory to
keep people from uploading scripts and executing them?
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list