[solved] disable .htaccess

[bt5]

hello,
i use this for disable htaccess on my server
hackers can use htaccess to active perl by this way

they add this to htaccess like
Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .cin AddHandler cgi-script .cin AddHandler cgi-script .cin

also i use this steps to stop it but htaccess working yet

Originally Posted by NiteWave View Post
tested on our cPanel box, the setting:

admin console->Server->Request Filter->Disable .htaccess Override:Yes

apply for virtual hosts defined in apache httpd.conf.

 

[mistwang]

You have to disable "AllowOverride" from Apache httpd.conf.

 

[bt5]

i did, but i steep working yet

<Directory "/">
    Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
    AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks
</Directory>

 

[mistwang]

Your AllowOverride allow too much, check "AddType" ,"AddHandler" documentation, and disable the option that allow overriding those.

 

[mistwang]

http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addtype

You have to turn off "FileInfo" override to disable "AddType" and "AddHandler" directives in .htaccess.

 

[bt5]

can you to tell me how i can turn off "FileInfo"

on Cpanel Apache i just add this line for htaccess,

<Directory "/">
Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks
</Directory>

its disabled "AddType" and "AddHandler"
but from your apach ddt work

 

[mistwang]

remove "FileInfo" from "AllowOverride" directive.

 

[bt5]

root@server1 [~]# find /usr/local -name httpd.conf /usr/local/lsws/add-ons/frontpage/conf/httpd.conf
/usr/local/apache/conf/original/httpd.conf
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf_pre_ea3/original/httpd.conf
/usr/local/apache/conf_pre_ea3/httpd.conf

i have remove it from
/usr/local/apache/conf_pre_ea3/httpd.conf
and
/usr/local/apache/conf/httpd.conf

but htaccess addtyme and addhandler is working yet
did i must restart something?

 

[bt5]

after restart Apache it disabled! also SEO is disable from my server i ddt want disable SEO

 

[mistwang]

There is no way to around it, if you disable "FileInfo", all configuration require "FileInfo" override will be disabled too. You have to make decisions based on what is the most important to you.

 

[bt5]

i'm said in my apache i have some httpd file and perl was disabled htaccess ddt work for active perl, htaccess just work for server rules
but on your apache its work for any thing

my mean is when i Switch to Apache perl is disable and when Switch to LiteSpeed perl work

 

[mistwang]

Solution posted in
http://www.litespeedtech.com/support/forum/showthread.php?t=4642

 

[bt5]

thank you! fixed