Apache htaccess disallow adding these rules

postcd · 07-16-2014, 01:48 AM

Hello,

on a server how i can disallow anyone adding into .htaccess apache rules like:
AddType txt .php

and

AddHandler cgi-script .cin

(addtype, addhandler)?

// update: i found regarding php, it can be set that php files are handled only by apache, not txt or anything else:
this into httpd.conf or similar:

Quote:

<FilesMatch "\.ph(p[2-6]?|tml)$"> # this equal to: .php, .php2, .php3, .php4, .php5, .php6 .phtml
SetHandler application/x-httpd-php5
</FilesMatch>

but regarding cgi, im unsure

bathory · 07-16-2014, 02:20 AM

Quote:

Originally Posted by postcd

Hello,

on a server how i can disallow anyone adding into .htaccess apache rules like:
AddType txt .php

and

AddHandler cgi-script .cin

(addtype, addhandler)?

You can use AllowOverride excluding the FileInfo keyword, e.g.

Code:

AllowOverride Options Indexes Authconfig

For more details have a look here
Regards

postcd · 07-16-2014, 09:19 AM

thx, i thought Indexes are part of "Options" directive, the "Options" contains "FollowSymLinks" which i think i need to have allowed in .htaccess because of Joomla.

Please where can i place that lince you mentioned? into global php.ini or global httpd.conf? that line dont need to have anything around it to work?

bathory · 07-16-2014, 10:38 AM

Quote:

Please where can i place that lince you mentioned? into global php.ini or global httpd.conf? that line dont need to have anything around it to work?

You need to put it into a <Directory /some/dir></Directory> section.
If you want to use it globally for your server replace "/some/dir" with the path to docroot

postcd · 07-16-2014, 01:56 PM

thx, so these into global php.ini or httpd.conf?

You mentioned

Quote:

AllowOverride Options Indexes Authconfig

but i know my sites using options and indexes directives in htaccess, so i would rather disable only that Addtype, Addhandler :-/

bathory · 07-17-2014, 12:18 AM

Quote:

thx, so these into global php.ini or httpd.conf?

In httpd.conf. Note that php.ini has nothing to do with apache configuration

Quote:

You mentioned
AllowOverride Options Indexes Authconfig
but i know my sites using options and indexes directives in htaccess, so i would rather disable only that Addtype, Addhandler :-/

It's just an example, to show you, that if you want to disable those 2 directives, then don't use FileInfo in the AllowOverride directive

postcd · 07-18-2014, 02:15 AM

thanks, so please anyone knows how to disable addtype, addhandler "directives?" in httpd.conf ?

bathory · 07-18-2014, 03:36 AM

Quote:

Originally Posted by postcd

thanks, so please anyone knows how to disable addtype, addhandler "directives?" in httpd.conf ?

You can't disable them in httpd.conf. Just don't use them if you don't need them.