[pmwiki-users] Apache 2.4 htaccess
Petko Yotov
5ko at 5ko.fr
Sun Nov 3 14:09:43 CST 2013
Oliver Betz writes:
> currently PmWiki uses
>
> Order Deny,Allow
> Deny from all
>
> as default .htaccess in several writeable directories.
>
> As far as I see, Apache 2.4 doesn't support this notation.
>
> Is the default behaviour of Apache 2.4 safe enough or should there be
> specific entries?
I made some research and tests.
When using this on Apache 2.4:
Order Deny,Allow
Deny from all
Apache 2.4 with the module access_compat_module enabled, works just fine.
Apache 2.4 without the module access_compat_module enabled, returns an
Internal server error when trying to access a file in the protected
directories. So, the files in these directories are still protected.
This access_compat_module may be or not installed by default.
The recommended way to protect a directory for Apache 2.4 in .htaccess is:
Require all denied
This obviously works fine in Apache 2.4, but in 2.2 it does nothing.
The following was recommended as "backwords compatible" on some tech sites:
# Apache 2.4
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Apache 2.2
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
This works fine on my home Apache 2.4 server, but on my home 2.2 server it
does nothing.
I'll have to investigate it further.
In the mean time, I'm not overly worried because the old .htaccess
protection does not allow access to the protected files with the new version
of Apache.
Petko
More information about the pmwiki-users
mailing list