On Wed, 4 Apr 2018 10:46:31 -0400
Eric Covener <cove...@gmail.com> wrote:
> What is the correct configuration that doesn't cause htaccess to be
> visited? If it's trunk only, I think it should be an alternate config
> mechanism rather than making it incompatible with any other setting in
Anything equivalent to the "canonical" example in both the
mod_status docs and the shipped httpd-info.conf.in .
Note that the latter also implies it can be restricted to
an access list, which is misleading if any "Require" can
be bypassed through .htaccess.
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
Require host .example.com
Require ip 127
> >> Comments?
> RewriteRule [P] in htaccess isn't anywhere near "screwed up".
I disagree. .htaccess has no business enabling a user to
access server resources outside his/her own directories.
AllowOverride Fileinfo is a mess of largely-unrelated stuff,
as pointed out by (IIRC) Jacob in the earlier discussion.