Hi Perrin, I need to allow htaccess files for users to be able to customize their websites as required (specify authentication/authorization methods, rewrite rules, mime types, custom handlers etc.). I wish I could turn them off but I fear that it's not feasible for me to do so.
Specifically, the directives I would like to prevent are: Perl*Handler Perl*Var Perl*Env PerlOptions PerlModule PerlRequire <Perl> Pretty much any directive defined with the MP_CMD_DIR_* macros. -Aaron On Sat, Feb 11, 2012 at 6:29 PM, Perrin Harkins <per...@elem.com> wrote: > On Fri, Feb 10, 2012 at 6:46 AM, Aaron Knister <aar...@umbc.edu> wrote: > > I'm using mod_perl in a shared hosting environment for some server-side > > configuration bits. All dynamic content for the users runs through > SuEXEC, > > however this obviously doesn't help in the case of mod_perl so I would > like > > to prevent users from specifying any handlers or other potentially > > undesirable mod_perl options/directives in their .htaccess files. > > Is it necessary to allow htaccess files? If there's something that > you want people to be able to specify, maybe you can use a custom conf > file for it instead of allowing htaccess. > > If it is necessary, can you provide an example of an htaccess > directive that you're trying to prevent? > > - Perrin > -- Aaron Knister Systems Administrator Division of Information Technology University of Maryland, Baltimore County aar...@umbc.edu
