http://issues.apache.org/bugzilla/show_bug.cgi?id=43698

Summary: Apache AllowOverride Groups Reorganize Proposal
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: Other
OS/Version: other
Status: NEW
Severity: minor
Priority: P5
Component: Core
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]

Hello, I'm an IT specialist at a big Italian hoster. The problem that I solved is this:

Currently every major hoster that offers a shared hosting service has the problem of giving its customers a chance to use RewriteRule via .htaccess. At the same time there is the problem of maintaining security and privacy (being a shared environment). This, for us, is currently managed by cgiwrap, which sits between Apache and PHP/Perl and creates a chroot environment that the customer cannot exit.

RewriteRule has become necessary because the most famous CMSs, such as WordPress, Joomla, etc., use RewriteRule to give back to the browser a URL without a query string (the famous permalink), to improve scoring in search engine indexing.

The problem is that activating the rewrite directives also activates some other directives that are very dangerous for shared hosting, for example AddHandler, SetHandler, ForceType. Through these directives in an .htaccess file, any one of our clients (or a cracker with cross-site scripting) can activate any scripting system on an extension of his choice, which would not be intercepted by cgiwrap. At that point the execution of this script would be in a chroot environment where the user can see other users' files.

With these patches I moved all directives related to the activation of CGI execution from the FileInfo group to the Options group (not given to users).
I created this patch to reorganize the groups in AllowOverride.

The directives moved from the FileInfo group to the Options group are:
--------------------------------------------------------------
CORE
    ForceType, SetHandler, SetOutputFilter, SetInputFilter, AddOutputFilterByType
MOD_ACTION
    Action
MOD_MIME
    AddHandler, AddInputFilter, AddOutputFilter, AddType
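
The following Python audit is an added example, not part of the bug report or of the proposed patch. It scans .htaccess text for the directives the report lists as moved from FileInfo to Options, so an operator who grants FileInfo for rewrite rules can see which customer files also use handler, type or filter overrides. The function names and the sample file are constructed for illustration.

```python
# Added example: audit .htaccess text for the directives listed in the report.
HANDLER_DIRECTIVES = {  # module labels as written in the report
    "core": ["ForceType", "SetHandler", "SetOutputFilter", "SetInputFilter",
             "AddOutputFilterByType"],
    "mod_action": ["Action"],
    "mod_mime": ["AddHandler", "AddInputFilter", "AddOutputFilter", "AddType"],
}
# Apache directive names are case-insensitive, so index them lowercased.
_LOOKUP = {name.lower(): (name, module)
           for module, names in HANDLER_DIRECTIVES.items() for name in names}


def logical_lines(text):
    """Yield (first_line_number, line), joining backslash continuations."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:  # file ended on a continuation
        yield start, buf


def audit_htaccess(text):
    """Return (line, directive, module, arguments) for each listed directive."""
    findings = []
    for number, line in logical_lines(text):
        stripped = line.strip()
        # Skip blanks, comments and container tags such as <Files ...>;
        # directives inside a container are still checked on their own lines.
        if not stripped or stripped[0] in "#<":
            continue
        parts = stripped.split(None, 1)
        hit = _LOOKUP.get(parts[0].lower())
        if hit:
            findings.append((number, hit[0], hit[1], "".join(parts[1:])))
    return findings


# Constructed sample: permalink rewrite rules plus three overrides to flag.
SAMPLE = r"""# constructed .htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
addhandler cgi-script .txt
<Files "report.dat">
    ForceType application/x-httpd-php
</Files>
AddType \
    application/x-httpd-php .html
"""
```

Calling `audit_htaccess(SAMPLE)` leaves the rewrite lines unflagged and reports the three override directives with the line on which each starts.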
