[Spip-maintainers] Bug#651164: spip: htaccess related message after configuration
David Prévot
david at tilapin.org
Tue Dec 6 15:31:32 UTC 2011
Hi Olivier,
Thanks for your report,
Le 06/12/2011 07:37, Olivier Berger a écrit :
> After rolling the different dialogs of the installation through /spip/ecrire, I get the following warning
[…]
> (htaccess not active : warning: the web server configuration doesn't take .htaccess into consideration.
[…]
> I believe some configuration should be defined in the provided apache config or likes so that such warning doesn't occur.
Well, I'm not sure it would be a good idea to accept .htaccess handling
by default actually (wrt previous exploits using this “feature”), and
the “AllowOverride None” of /usr/share/doc/spip/apache2.conf sounds like
a better idea.
Maybe should we add a comment in that template file, and maybe should we
patch the SPIP installer not to show this warning.
Some plugins (e.g. “Restricted Access”) rely on these .htaccess
features, but I'm still reluctant to allow these by default: it should
be an administrator choice to allow them (the needed feature, e.g. wrt
“Restricted Access” can even be provided in the Apache configuration
file, maybe should we add a note about it in the README or the Apache
template file).
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/spip-maintainers/attachments/20111206/9904d862/attachment.pgp>
More information about the Spip-maintainers
mailing list