• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
is there a security breach when using htaccess to rewrite index.php?

#1
[eluser]mariowarner[/eluser]
Hi guys,

Before I present the problem, below's an overview of what I am doing.

I am using a Powerbook G4 running on OS X 10.4.11 (non-server). I have just finished my first website that uses CodeIgniter a couple of days ago. I was able to run it on my machine, and was able to modify my machine's httpd.conf so that it allows the processing of the htaccess directive in my CodeIgniter directory. I can run the website locally without using index.php as part of the URL and it works fine for me.

The lines that I added to my httpd.conf are:
Code:
<Directory "/Users/myUserAccount/Sites/WebsiteDirectory">
    Options Indexes Includes FollowSymLinks MultiViews
    AllowOverride FileInfo
    Order allow,deny
    Allow from all
</Directory>

My htaccess file has the following lines:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /~myUserAccount/WebsiteDirectory/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>

<IfModule !mod_rewrite.c>
ErrorDocument 404 /index.php
</IfModule>

Here's the problem. The web hosting company where the website is located are flaking out when I asked them to add those lines of codes to their httpd.conf file. They are saying they have to review the codes first since it might cause a security breach on their server.

I am not a server administrator so I do not really know everything about apache except for some codes that I use, and I definitely know nothing about security breaches relating to it. I wanted to ask this forum first if anyone knows or can point me to a definitive guide that says whether those codes will cause security breach to their server or to my WebsiteDirectory and its contents, or not.

I have already downloaded some manuals regarding Apache but it might take ages of reading before I get to the information I need so If anyone knows anything, please help.

I have to have the site up now because I am on a deadline and the problem now is not on my end, but on the web host, but I do think if I can show them that there's nothing to worry about, then they will add the following codes I requested.

Thank you for all the help. Smile


Messages In This Thread
is there a security breach when using htaccess to rewrite index.php? - by El Forum - 02-13-2008, 09:20 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.