[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 796
  • Last Modified:

AllowOverride for users via .htaccess on vps

I'm trying to set Apache conf so that the default for new accounts has
AllowOveride features for .htaccess, users should only be able to do things
that are similar to that below in .htaccess

RewriteCond, RewriteRule, DirectoryIndex, ErrorDocument, AddType, AddHandler
php_flag session.use_trans_sid off, php_value "register_globals" "1"
AND common Options directives

What is best option for AllowOverride, and how should it be set?
(i.e. <virtualhost> in httpd.conf)
To be sure AllowOverride set to ALL would pose some sort of security risk??

I'm confused, is this set in <virtualhost> in main .conf or www.domain.conf?

CentOS 4
Apache 1.3.36, and 1.3.34 updated.

Thanks guys,
LinWeb
0
linweb
Asked:
linweb
1 Solution
 
ahoffmannCommented:
> What is best option for AllowOverride, ..
NONE
'cause if you allow that to be done by users, then your server is open to countless threats configured by the user, and more worse: each user configuration compromises the whole server (in particular all other users).
Believe me, you won't do that.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now