Re: [users@httpd] using mod_rewrite to get around unknown directive in .htaccess :: ASPN Mail Archive

Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming

MyASPN >> Mail Archive >> httpd-users

httpd-users

Re: [users@httpd] using mod_rewrite to get around unknown directive in .htaccess
by Joshua Slive other posts by this author
Jan 31 2006 4:52PM messages near this date

Re: [users@httpd] using mod_rewrite to get around unknown directive in .htaccess | [users@httpd] Precompiled Mod_SSL binaries for Win32 and Apache 1.3

On 1/31/06, Joshua Slive <joshua@[...].ca>  wrote:
>  On 1/31/06, Jason Keltz <jas@[...].ca> wrote:
>  > On Tue, 31 Jan 2006, Joshua Slive wrote:
> 
>  > > Use httpd.conf to turn off .htacess processing (AllowOverride) in the
>  > > relevant directory inside the <VirtualHost> section for the non-ssl
>  > > host.
>  >
>  > Hi Joshua,
>  >
>  > Unfortunately, this won't do it since multiple users can use the
>  > directives on the https server in any directory.  Is there no
>  > "IgnoreErrors" directive in .htaccess?  What I really don't get is that if
>  > I redefine the error message in the top-level .htaccess, that does indeed
>  > get read which shows that the server reads the top-level .htaccess before
>  > reading the bottom-level one.  How come an Error code web page
>  > redefinition works, but a  mod_rewrite rule does not..
> 
>  It does work.  It is just that apache must ALSO read the .htaccess
>  file in the subdirectory, since it may have additional RewriteRules
>  (or other directives) that will change the parent directory
>  configuration.  And simply ignoring config-file syntax errors would be
>  a security problem.  You could, of course, simply create a stub module
>  that impliments the directive as a no-op.  That would be relatively
>  easy.
> 
>  You haven't fully specified your problem, so it is difficult to
>  suggest solutions.  The obvious one is to use
>  AccessFileName .htaccess-secure .htaccess
>  on the ssl site.  Then if anyone is using directives that work only on
>  the ssl server, tell them to rename their .htaccess to
>  .htaccess-secure.

Oh, and a third alternative is to use an
ErrorDocument 500 /cgi-bin/go-to-ssl.cgi
which could then issue the redirect without the client ever seeing the error.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html>  for more info.
To unsubscribe, e-mail: users-unsubscribe@[...].org
   "   from the digest: users-digest-unsubscribe@[...].org
For additional commands, e-mail: users-help@httpd.apache.org

Thread:

Jason Keltz

Joshua Slive

Jason Keltz

Joshua Slive