----- Original Message ----- > Per a dialog with a reporter and Ben Laurie, I did a search on where > we had enabled Multiviews, and I'd propose we disable this by default > as the server would default it as well. These places were; > > Index: extra/httpd-userdir.conf.in > =================================================================== > --- extra/httpd-userdir.conf.in (revision 1166228) > +++ extra/httpd-userdir.conf.in (working copy) > @@ -15,7 +15,7 @@ > # > <Directory "/home/*/public_html"> > AllowOverride FileInfo AuthConfig Limit Indexes > - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec > + Options Indexes SymLinksIfOwnerMatch IncludesNoExec > <Limit GET POST OPTIONS> > Order allow,deny > Allow from all > Index: extra/httpd-autoindex.conf.in > =================================================================== > --- extra/httpd-autoindex.conf.in (revision 1166228) > +++ extra/httpd-autoindex.conf.in (working copy) > @@ -20,7 +20,7 @@ > Alias /icons/ "@exp_iconsdir@/" > > <Directory "@exp_iconsdir@"> > - Options Indexes MultiViews > + Options Indexes > AllowOverride None > Order allow,deny > Allow from all > > Amazingly it doesn't show up in extra/httpd-manual.conf because we > don't even rely on the feature (those are type-maps). > > Neither /~user/ or /icons/ by default requires the multiviews > feature. > So please indicate which way we want to go here... > > [ ] +1 remove these MultiViews from trunk/2.2/2.0 > [ ] -1 leave these with MultiViews by default
+1 remove from trunk -1 remove from 2.2/2.0 Who knows how many configs we're breaking with that? Also I don't quite see how it's a security thing, at best "security" and, for sure, a performance thing (notice: No "") i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: [email protected] URL: http://brainsware.org/ GPG: 571B 8B8A FC97 266D BDA3 EF6F 43AD 80A4 5779 3257
