.htaccess and Options All -Indexes

Discussion in 'General' started by edge, Nov 11, 2007.

  1. edge

    edge Active Member Moderator

    In one of my .htaccess file I have the following: Options All -Indexes

    Now the problem is that when added to the .htaccess file the Options All -Indexes will throw a 500 error.
    I tried adding the Options All -Indexes to the ISPconfig's Apache Directives, but this does not work.

    Any suggestions on how to get the Options All -Indexes to work?
    Without it the script will not work correct :/
     
  2. mattias

    mattias New Member

    having same problem, getting that 500 error,
    i hope someone know a solution ^.^
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Please have a look at the error log of the website to get a detailed error message.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    @edge. Put the line in the apache directives field instead of a .htaccess file.
     
  5. edge

    edge Active Member Moderator

    Thank you till, but as you can see I've tested this already in post1

    I'm now not sure if it's a script error, or the Options All -Indexes

    Problem that I'm having is like this:
    PHP:
    Workinghttp://www.domain.tld/thumbnail.php?file=logo.gif&size=medium
    Not workinghttp://www.domain.tld/thumbnail.php?file=logo.gif&size=medium
    Note the & in working and & in not working.

    Now I'm not 100% sure anymore if this is caused by the Options All -Indexes problem.
     
  6. mattias

    mattias New Member

    in httpd.conf you need to set AllowOverride All to the directory of /var/www/*/web and /var/www/*/user/*/web, you can do this per user acc in with a whole set of directives, the default of ISPConfig seems to add so you can't set Options in .htaccess, among other things.

    im by no means a security expert, so i don't know why it is like this.

    i kept my httpd.conf as it was and set the configurations per acc instead
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    If you set AllowOverride to all like you did, very customer is able to enable all functions in apache that he wants, even if he has not paid for them or if the functions contain security problems. Never enable AlloeOverride All on a server that is not just usd as personal home server without customers that you trust 100%.

    AllowObverride All is not needed if you put the directives in the apache directives field.
     
  8. mattias

    mattias New Member

    yeah, i've only done AllowOverride All on my user.
    but how can i enable custom .htaccess things like "suPHP_ConfigPath" without AllowOverride All? I've been looking and looking, but can't find any answer...

    edit: ok so, somehow i don't get error 500 anymore, and i use the defaults, and i decided to not let each user use their own php.ini and instead make a good global php.ini working with as much applications as possible...
     
    Last edited: Nov 13, 2007

Share This Page