Re: [mod-security-users] mod_security in .htaccess files opinions?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mod_security in .htaccess files opinions?
|
From: <ha...@mm...> - 2004-09-30 13:48:52
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I think its a good thing to be able to configure it in .htaccess files. This comes in handy if you have to disable it for certain apps, e.g. phpMySQL or some documentation system where I e.g. want to document administration steps which contain SQL statements and other such kinda admin tools. Just my 2 cents. Harry - --On Monday, September 27, 2004 19:34:20 +0100 Ivan Ristic <iv...@we...> wrote: > > I am thinking about removing the ability of mod_security > to have its configuration directives in .htaccess files. I > am even considering doing that in the forthcoming 1.8.5 > release. I haven't made up my mind yet but I'd like to > know what others think about it. For example: > > * Are you configuring mod_security from .htaccess files? > > * Are you aware mod_security can be used from .htaccess > files (AllowOverride AuthConfig is required)? > > * Would you consider giving other (semi-trusted) people > access to mod_security directives? > > Basically I am not convinced people are aware mod_security > directives can be used from .htaccess files and about > potential consequences. (I am to blame for that, of course, > I should have documented that better.) > > On the other hand, I would hate to break backward > compatibility in a minor, bug-fixing release. So the > other option is to have .htaccess configuration directives > off by default in 1.9.x, and introduce a global directive > to enable it explicitly. > > Would someone care to share their views? - -- 1024D/40F14012 18F3 736A 4080 303C E61E 2E72 7E05 1F6E 40F1 4012 - -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT/S dx s: a C++ ULS++++$ P+++ L+++$ !E W++ N+ o? K? !w !O !M V PS+ PE Y? PGP+++ t+ 5-- X+ R+ !tv b++ DI++ D+ G e* h r++ y++ - ------END GEEK CODE BLOCK------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBXA6/fgUfbkDxQBIRAnhWAJ9hYOnQR+MqXgmYyv1lw/L5U+PRigCfarBF v0umWcWFEQBDh0HuucO+IOU= =7RXj -----END PGP SIGNATURE----- |
