Hi, I'm using mod_perl in a shared hosting environment for some server-side configuration bits. All dynamic content for the users runs through SuEXEC, however this obviously doesn't help in the case of mod_perl so I would like to prevent users from specifying any handlers or other potentially undesirable mod_perl options/directives in their .htaccess files.
I was thinking of something along these lines: A per-directory config directive called PerlHtaccessOverrides with possible values of Handlers, Others, Env, Options, All and None. These names are based what seemed to be perceived significant groupings of the MP_CMD_DIR_* cmd's in modperl_cmds.c. Each cmd function would then check its context to see if it's an htaccess file, and would check against the list of allowed htaccess overrides for that location and deny accordingly. I'd also need to modify the Code.pm file that generates most of the handler cmd definitions. I've something like this working right now, so I know it's possible but it's not quite as I described here so I need to re-write it. Any feedback would be appreciated-- I don't want to write a patch that's not likely to be accepted upstream :) Thanks! -Aaron -- Aaron Knister Systems Administrator Division of Information Technology University of Maryland, Baltimore County aar...@umbc.edu
