htaccess and apache security breach

#1
[eluser]mariowarner[/eluser]
Hi guys,

I posted a topic asking about security breaches in apache web server when I try and enable htaccess from httpd.conf but I do not know if I posted on the right place. This is relating to allowing the RewriteEngine to rewrite calls for index.php so that I won't have to type index.php on the URLs anymore. The problem is, my web hosting company is getting flaky on whether they should add the codes on their httpd.conf or not with reasons relating to server security. Below is the code that should be added to my web host's httpd.conf:
Code:
<Directory "/Users/myUserAccount/Sites/WebsiteDirectory"> #where / is the root of your server
    Options Indexes Includes FollowSymLinks MultiViews
    AllowOverride FileInfo
    Order allow,deny
    Allow from all
</Directory>

If anyone of you knows if any of the following lines that should be added in httpd.conf would breach their web server's security or not, or can point me to any direction that would clarify this out, I would greatly appreciate the reply.

I only have a week and then I will have to find a different web host (without any money-back) which would be a real hassle.

Thanks again.

#2
[eluser]thatscriptguy[/eluser]
You've already posted in your other thread that they've confirmed allowoverride is set to on, which I would expect for most shared hosts.

Your problem more than likely stems from an incorrect rewritebase line. Make sure it is correctly set, or even try commenting it out.

Kevin

#3
[eluser]mariowarner[/eluser]
yeah, i forgot to reset the rewritebase to /. it worked fine afterwards. thanks. i will be sure to remember this everytime i make a CodeIgniter based website.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.