AllowOverride Apache 2.4 question
We recently transferred a site using the Transfer tool (which we really like) but after the transfer the website kept giving server error messages. The particular website, predominately PHP, apparently needs the httpd.conf file edited to AllowOverride All to enable their .htaccess file to make changes.
In Apache 2.2 the default was AllowOverride All but in Apache 2.4 the default is AllowOverride None. My question is by overriding the default in Apache 2.4 are we risking security issues?
Thanks for any guidance you can give us.
-
Hello, You can find discussion on the security aspect of that setting on the following StackOverflow threads: Security question about httpd.conf AllowOverride setting AllowOverride security issues Information about how this setting works is documented at: core - Apache HTTP Server Version 2.4 Note there's also some performance issues to consider. In cPanel 64, the following option is available under "WHM Home " Service Configuration " Apache Configuration " Global Configuration": Optimize .htaccess (AllowOverride) Per it's description: Reduce the paths Apache will check for ".htaccess" files. Reducing the number of places Apache has to look for .htaccess files can significantly boost server performance. Thank you. 0
Please sign in to leave a comment.
Comments
1 comment