Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

httpd.conf AllowOverride All

Tags:

apache

.htaccess

codeigniter

httpd.conf

I am trying to remove the index.php from my codeigniter URL. I have apache24 with codeigniter and ion auth. The only way I can get this to work is by allowing AllowOverride All.

The relevant code is:

<Directory "c:/Apache24/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Using AllowOverride None this returns a 404 error code. Using AllowOverride All it works.

What are the security implications with this on a production server?

like image 882
Smudger Avatar asked Jun 30 '14 19:06

Smudger

People also ask

What is AllowOverride all?

Apache has an option called “AllowOverride” which allows you to override some Apache settings via a . htaccess file you can place in a directory. In it, you can override PHP settings, create URL rewrites, … Pretty much the basics for every website.

What is AllowOverride none?

None disables all . htaccess files and directives. This directive is inheritable. This means if you specify AllowOverride none for some directory or virtual host . htaccess files will also be disabled for all subdirectories.

What is AllowOverride when do we use it?

AllowOverride directive is used to allow the use of . htaccess within the web server to allow overriding of the Apache config on a per directory basis.

1 Answers

AllowOverride directive is used to allow the use of .htaccess within the web server to allow overriding of the Apache config on a per directory basis. I believe CI uses mod_rewrites to make it work correctly. That's why it only works when you have AllowOverride All because you are telling the webserver to allow the use of an .htaccess file which CI uses. That's the simple answer. It's not about security per say, it's for the use of .htaccess files.

You will most likely have to use AllowOverride All to use codeigniter because that's the way it works. There shouldn't be any major security concerns with using this directive. Security wise you should be fine. Just don't use AllowOverride All in a <Directory /> block.

Only use it in a specific web directory only. This below is what you have now and should be fine with AllowOverride All.

<Directory "c:/Apache24/htdocs">

if it wasn't for this directive, .htaccess files would not work. Have a look at the documentation for more detailed explanation.

http://httpd.apache.org/docs/current/mod/core.html#allowoverride

like image 94
Panama Jack Avatar answered Sep 23 '22 01:09

Panama Jack
Sign in to Comment

Related questions

mod_wsgi isn't honoring WSGIPythonHome
to get columns from Excel files using Apache POI?
What is the meaning of "per route basis" in PoolingClientConnectionManager?
APACHE Crashing: Parent: child process exited with status 3221225477 -- Restarting
Why there are so many apache processes running?
Case Insensitive URLs with mod_rewrite
Block images, CSS or JS if the user did not visit my site
Creating Wildcard Sub Domain Using Apache VirtualHost
How to set up proxy in .htaccess
A general linux file permissions question: Apache and WordPress
Apache POI XSSF reading in excel files
What happens if you edit a php script while an instance of it is running?
Trying to put an exception to RewriteRule in .htaccess
How to tell apache to LocationMatch opposite of this?
PHP Startup: Unable to load dynamic library `curl.so` Ubuntu
Set Content-Disposition header to attachment only on files in a certain directory?
mod_pagespeed magento
What's difference between a simple webserver and Apache server?
Please provide an Apache SSLCipherSuite that will pass a PCI Compliance Scan
Where do I put "WSGIPassAuthorization On"?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!