[Pmwiki-users] more thoughts on .htaccess

Patrick R. Michaud pmichaud
Tue Dec 7 07:48:58 CST 2004

On Tue, Dec 07, 2004 at 09:26:20AM -0500, Neil Herber wrote:
> For the "local/.htaccess" file to work at all, does there not need to be 
> some kind of override in the httpd.conf file? A default install of Apache 2 
> appears to have .htaccess disabled. So having the file present may give me 
> a warm feeling, but it certainly isn't protecting anything. 

Are you sure that .htaccess is disabled?  Looking at httpd.conf is
often not sufficient, because there could be directives in other
files included from httpd.conf that change this setting for specific
directories.  For example, under Red Hat 9 all of the *.conf files in
/etc/httpd/conf.d are treated part of httpd.conf.

The real way to know is to try to access a file in your local/ directory
from a browser.  For example, I have the development version of pmwiki
installed at http://www.pmwiki.org/pmwiki2, and its local/ directory is
*not* protected (on purpose) -- see http://www.pmwiki.org/pmwiki2/local/ .
However, a default installation of PmWiki should have its local
directory protected -- for example, see 
    http://www.pmwiki.org/work/pmwiki/local, and 
    http://www.pmwiki.org/work/pmwiki/local/config.php .

The last two should give access denied ("Forbidden") errors, because of
the .htaccess file in local/.


More information about the pmwiki-users mailing list