[Pmwiki-users] more thoughts on .htaccess

Neil Herber nospam
Mon Dec 6 18:48:54 CST 2004


I have been reading the Apache 2.0 docs, which is probably a dangerous 
thing ...

In the .htaccess tutorial:

http://httpd.apache.org/docs-2.0/howto/htaccess.html

they suggest that to improve performance, all the configuration done using 
per-directory .htaccess files should be moved into the main httpd.conf 
file. The .htaccess file in the PmWiki "local/" directory ignores this advice.

Perhaps a better solution (for those with access to httpd.conf) would be to 
add these directives to httpd.conf:

## Prevent PmWiki scripts from being executed by a browser
<Directory /path/to/pmwiki/local/>
         Order allow,deny
         Deny from all
</Directory>

<Directory /path/to/pmwiki/cookbook/>
         Order allow,deny
         Deny from all
</Directory>
##

Please note that I am an Apache newbie and this could be wildly wrong. Can 
someone confirm or correct please??

Should there be similar protection applied to the "uploads/" directory to 
keep people from uploading scripts and executing them?


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 
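
Added example (not part of the original post or of PmWiki): a Python check that reads httpd.conf text and reports whether each directory the post wants protected has a <Directory> block that refuses all clients, in either the Order/Deny syntax shown above or the Require syntax of Apache 2.4. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed httpd.conf excerpt: the post's local/ block, plus a cookbook/
# block whose Allow line undoes its Deny under "Order deny,allow".
SAMPLE_CONF = """\
## Prevent PmWiki scripts from being executed by a browser
<Directory /path/to/pmwiki/local/>
         Order allow,deny
         Deny from all
</Directory>
<Directory "/path/to/pmwiki/cookbook">
         Order deny,allow
         Deny from all
         Allow from all
</Directory>
"""

BLOCK_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.I | re.S)

def directory_blocks(conf_text):
    """Map each <Directory> path (no trailing slash) to its normalized directives."""
    live = "\n".join(l for l in conf_text.splitlines() if not l.lstrip().startswith("#"))
    blocks = {}
    for path, body in BLOCK_RE.findall(live):
        directives = [" ".join(l.lower().split()) for l in body.splitlines() if l.strip()]
        blocks.setdefault(path.rstrip("/"), []).extend(directives)
    return blocks

def denies_all(directives):
    """True if the block refuses every client (Order/Deny or Require syntax)."""
    requires = [d for d in directives if d.startswith("require ")]
    if requires:
        return all(d == "require all denied" for d in requires)
    order = "deny,allow"  # Apache's default when no Order line is present
    for d in directives:
        if d.startswith("order "):
            order = d[6:].replace(" ", "")
    has_allow = any(d.startswith("allow from") for d in directives)
    if order == "allow,deny":  # Deny is evaluated last; unmatched clients are refused
        return "deny from all" in directives or not has_allow
    return "deny from all" in directives and not has_allow  # Allow overrides Deny

def audit(conf_text, required_dirs):
    """Return {dir: 'denied' | 'open' | 'missing'} for each directory."""
    blocks = directory_blocks(conf_text)
    return {d: ("missing" if d.rstrip("/") not in blocks else
                "denied" if denies_all(blocks[d.rstrip("/")]) else "open")
            for d in required_dirs}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["/path/to/pmwiki/local/", "/path/to/pmwiki/cookbook/"]))
```

A result of "missing" means the directory has no block in httpd.conf and still relies on its .htaccess file, if one is present.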