Item14047: sample .htaccess files are too complex
Priority: Normal
Current State: Closed
Released In: 2.1.1
Target Release: patch
The example
bin-htaccess.txt
is especially complex, with examples for LDAP, and Apache auth.
This task is to split this sample into
bin-htaccess-basic.txt
and
bin-htaccess-advanced.txt
. For Apache 2.2, or 2.4 with mod_access_compat enabled, we should be able to have a file that works without any tailoring.
- The FollowSymLinks option could be enabled by default. It's low risk to enable, as there is no known path for a user to use Foswiki to create a symlink. and will make foswiki more likely to work "out of the box"
- We also should block access to the LocalLib files. They can't actually be accessed, but no sense leaving them reachable.
- Also add in commented Apache 2.4 style auth statements, in the event that
mod_access_compat
is not enabled
--
GeorgeClark - 11 Apr 2016