Hi

I have been thru all the searches on this site relating to the RAQ4.

I simply can't get the RAQ4 to accept the Apache .htaccess protocol.

Anybody any ideas why and if there is an alternative?

Thanks

.htaccess file usage is disabled by default on the RaQ4 for security reasons. If you need to reenable it, you will need to edit the web server configuration files directly.
The file you need to edit is " /etc/httpd/conf/access.conf ".
Near the top of this file, there is a line that reads as follows:

For Dir

AllowOverride None

Change AllowOverride None to AllowOverride All

Reboot server

Explanation can be found here.
http://httpd.apache.org/docs/mod/core.html#allowoverride

Thanks.

I was looking at httpd.conf

Is there a security issue with .htaccess?

Originally posted by thednt
Thanks. I was looking at httpd.conf Is there a security issue with .htaccess?

No. Some RaQ4's have .htaccess enabled by default, some have it disabled. There use to be an exploit for the .htaccess on the RaQ4, which was why it was disabled. The exploit was fixed by an old security update so you don't need to worry about enabling it.

Sorry, I have to disagree. .htaccess does have ONE MAJOR HOLE if set up incorrectly. If the user can enable the exec SSI command then they can mess with the system itself.

Correct so instead use

AllowOverride AuthConfig

thanks for that tip...

I have the same problem htaccess not working at my machine.

I looked foor the above mentioned sentence, but did not find it.
I did find this:

# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"

AllowOverride AuthConfig Indexes Limit

# ignore .ht*
<Files ".ht*">
deny from all
</Files>


Is this the line i should change ?

In acces.conf ...

Ok, here you go. Look for this section:

Options Indexes FollowSymLinks Includes MultiViews

# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"

AllowOverride All

# ignore .ht*
<Files ".ht*">
deny from all
</Files>

# Controls who can get stuff from this server...



restart httpd

What exactly does AuthConfig do?

It means that from the .htaccess file Apache makes use of the authorization directives (AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, etc.).

If you only have specified AuthConfig then these directives are the only directives Apache makes use of ( it ignores all the others )

Other directives could typically be ErrorDocument 404 for custom error handling.

Once again:
http://httpd.apache.org/docs/mod/core.html#allowoverride