php_flag and AllowOverrides

**runderwo@mail.win.org** · Jun 6 '07, 10:25 PM

Re: php_flag and AllowOverrides

On Jun 6, 4:52 pm, "runde...@mail. win.org" <runde...@mail. win.org>
wrote:

Is there a specific AllowOverrides directive that will allow me to use
php_flag in .htaccess? All I can see is that AllowOverrides all will
do the trick, but unfortunately I don't want the user to be able to
override anything else....

Okay, AllowOverrides Options will also do the trick, but that also
lets the user enable ExecCGI and Includes which I am specifically
trying to avoid... I wish I could do something like AllowOverrides
php_flag php_value, i.e. on a single variable basis instead of the
predefined groups.

**Erwin Moller** · Jun 7 '07, 09:05 AM

Re: php_flag and AllowOverrides

runderwo@mail.w in.org wrote:

On Jun 6, 4:52 pm, "runde...@mail. win.org" <runde...@mail. win.org>
wrote:

>Is there a specific AllowOverrides directive that will allow me to use
>php_flag in .htaccess? All I can see is that AllowOverrides all will
>do the trick, but unfortunately I don't want the user to be able to
>override anything else....

>
Okay, AllowOverrides Options will also do the trick, but that also
lets the user enable ExecCGI and Includes which I am specifically
trying to avoid... I wish I could do something like AllowOverrides
php_flag php_value, i.e. on a single variable basis instead of the
predefined groups.

Hi,

I have been looking for the same, but didn't find it.
Stuck with 'Options' too.

I made the missery a little less by only using AllowOverrides Options for 1
virtual host in apache, but still...

If you find a better solution, please let me/us know.

Regards,
Erwin Moller

**Schraalhans Keukenmeester** · Jun 8 '07, 06:35 AM

Re: php_flag and AllowOverrides

At Wed, 06 Jun 2007 22:18:39 +0000, runderwo@mail.w in.org let h(is|er)
monkeys type:

On Jun 6, 4:52 pm, "runde...@mail. win.org" <runde...@mail. win.org>
wrote:

>Is there a specific AllowOverrides directive that will allow me to use
>php_flag in .htaccess? All I can see is that AllowOverrides all will
>do the trick, but unfortunately I don't want the user to be able to
>override anything else....

>
Okay, AllowOverrides Options will also do the trick, but that also
lets the user enable ExecCGI and Includes

Not necessarily. http://httpd.apache.org/docs/2.0/mod/core.html#options

--
Schraalhans Keukenmeester - schraalhans@the .Spamtrapexampl e.nl
[Remove the lowercase part of Spamtrap to send me a message]

"strcmp('apples ','oranges') < 0"

**runderwo@mail.win.org** · Jun 8 '07, 12:35 PM

Re: php_flag and AllowOverrides

On Jun 8, 1:27 am, Schraalhans Keukenmeester
<Schraalh...@th e.spamtrapexamp le.nlwrote:

At Wed, 06 Jun 2007 22:18:39 +0000, runde...@mail.w in.org let h(is|er)
monkeys type:
>

Okay, AllowOverrides Options will also do the trick, but that also
lets the user enable ExecCGI and Includes

>
Not necessarily.http://httpd.apache.org/docs/2.0/mod/core.html#options

I guess I don't see how the link contradicts my statement. If
AllowOverrides Options is in effect, the user can stick Options
+ExecCGI +Includes in his .htaccess, which I don't want, because those
would allow him to execute code with web server's privilege -- no help
from suexec there.

**Schraalhans Keukenmeester** · Jun 8 '07, 05:25 PM

Re: php_flag and AllowOverrides

At Fri, 08 Jun 2007 12:27:01 +0000, runderwo@mail.w in.org let h(is|er)
monkeys type:

On Jun 8, 1:27 am, Schraalhans Keukenmeester
<Schraalh...@th e.spamtrapexamp le.nlwrote:

>At Wed, 06 Jun 2007 22:18:39 +0000, runde...@mail.w in.org let h(is|er)
>monkeys type:
>>

Okay, AllowOverrides Options will also do the trick, but that also
lets the user enable ExecCGI and Includes

>>
>Not necessarily.http://httpd.apache.org/docs/2.0/mod/core.html#options

>
I guess I don't see how the link contradicts my statement. If
AllowOverrides Options is in effect, the user can stick Options
+ExecCGI +Includes in his .htaccess, which I don't want, because those
would allow him to execute code with web server's privilege -- no help
from suexec there.

You're right, my bad, for a moment I thought the (dis-)allowed sub-options
could be specified in the AllowOverride clause. Which isn't the case, of
course. My bad.

Sh.

--
Schraalhans Keukenmeester - schraalhans@the .Spamtrapexampl e.nl
[Remove the lowercase part of Spamtrap to send me a message]

"strcmp('apples ','oranges') < 0"

php_flag and AllowOverrides

php_flag and AllowOverrides

Comment

Comment

Comment

Comment

Comment