Page MenuHomePhabricator
Create Task
Maniphest T48003

Relax restrictions on .htaccess
Closed, ResolvedPublic
Actions

Description

At the moment, the Apache configuration denies by "AllowOverride None" all local customizations with .htaccess. This should be relaxed.

My use case is setting environment variables with "SetEnv" directives for CGI scripts; this needs assessment whether suphp can be rooted with that.

Version: unspecified
Severity: enhancement

Details

Reference
bz46003

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:37 AM
bzimport added projects: Toolforge, acl*sre-team.
bzimport set Reference to bz46003.
scfc created this task.Mar 11 2013, 9:24 PM
coren added a comment.Mar 11 2013, 9:38 PM

Pending code review of the module startup code. In principle, there should be no insurmountable problems.

coren added a comment.Mar 13 2013, 2:06 PM

After review of the code, restrictions have been relaxed to:

AllowOverride AuthConfig FileInfo Options=IncludesNOEXEC

This still provides opportunity for foot-shooting with ill-considered SetEnv, but you get to shoot your own foot only.

Luke081515 removed a subscriber: wikibugs-l-list.Jan 28 2016, 5:59 PM
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJan 28 2016, 5:59 PM
Restricted Application added a subscriber: StudiesWorld. · View Herald Transcript
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL