On Sat, Feb 11, 2012 at 7:23 PM, Aaron Knister <aar...@umbc.edu> wrote: > I need to allow htaccess files for users to be able to customize their > websites as required (specify authentication/authorization methods, rewrite > rules, mime types, custom handlers etc.). I wish I could turn them off but I > fear that it's not feasible for me to do so.
Well, here's my idea. I'd turn off htaccess and provide an alternate way for people to configure those things. That might just be a file called user.conf or something that you parse yourself and set conf directives with. Not exactly simple, but if security is the issue I usually like a list of things you can do better than a list of things you can't. - Perrin
