logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Option not allowed in .htaccess

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
Jan-E



Joined: 09 Mar 2012
Posts: 921
Location: Amsterdam, NL, EU

PostPosted: Tue 11 Dec '18 12:13    Post subject: Option not allowed in .htaccess Reply with quote

In our Apache config only some Options are included in the AllowOverride list. If you disable CGI Access for a domain in Directadmin it is not allowed to override ExecCGI for that domain. A .htaccess (generated from a template) contained the following lines:

Code:
<IfModule mod_cgi.c>
  Options -ExecCGI
</IfModule>

This was causing an Error 500: Option ExecCGI not allowed here

Workaround was to allow CGI Access, only to be able to disable it in .htaccess. There must be better ways to do this.

1. Is there a way in .htaccess to know if ExecCGI is on?
2. Is there a way in .htaccess to detect if we are allowed to Override ExecCGI?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6531
Location: Germany, Next to Hamburg

PostPosted: Tue 11 Dec '18 16:42    Post subject: Reply with quote

Hi Jan,
I haven't tested it, but I can think of an "If expression".

Code:

<If "%{HANDLER} == 'cgi-script'">
Require all denied
</If>



What I already tested as working in REAL WORLD is
Code:

<If "%{HTTP_HOST} == 'stage.example.com'">
    AuthType basic
    AuthName "private"
    AuthUserFile /home/example/.htpasswd
    Require valid-user
</If>


See https://httpd.apache.org/docs/2.4/expr.html and https://httpd.apache.org/docs/2.4/handler.html
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6531
Location: Germany, Next to Hamburg

PostPosted: Thu 13 Dec '18 11:22    Post subject: Reply with quote

Well I found by accident today AllowOverrideList [1]

That might be an option for you.

[1] https://httpd.apache.org/docs/2.4/en/mod/core.html#allowoverridelist
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6531
Location: Germany, Next to Hamburg

PostPosted: Fri 14 Dec '18 12:01    Post subject: Reply with quote

I tested it a bit and what worked

Code:

AllowOverride     Options=None
AllowOverrideList RewriteEngine RewriteBase RewriteCond RewriteRule
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1