[solved] disable .htaccess

Discussion in 'General' started by bt5, Oct 29, 2011.

  1. bt5

    bt5 New Member

    hello,
    i use this for disable htaccess on my server
    hackers can use htaccess to active perl by this way

    they add this to htaccess like
    Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .cin AddHandler cgi-script .cin AddHandler cgi-script .cin

    also i use this steps to stop it but htaccess working yet
    Last edited by a moderator: Oct 31, 2011
  2. mistwang

    mistwang LiteSpeed Staff

    You have to disable "AllowOverride" from Apache httpd.conf.
  3. bt5

    bt5 New Member

    i did, but i steep working yet
    Code:
    <Directory "/">
        Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
        AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks
    </Directory> 
  4. mistwang

    mistwang LiteSpeed Staff

    Your AllowOverride allow too much, check "AddType" ,"AddHandler" documentation, and disable the option that allow overriding those.
  5. mistwang

    mistwang LiteSpeed Staff

  6. bt5

    bt5 New Member

    can you to tell me how i can turn off "FileInfo"

    on Cpanel Apache i just add this line for htaccess,
    its disabled "AddType" and "AddHandler"
    but from your apach ddt work
  7. mistwang

    mistwang LiteSpeed Staff

    remove "FileInfo" from "AllowOverride" directive.
  8. bt5

    bt5 New Member

    root@server1 [~]# find /usr/local -name httpd.conf /usr/local/lsws/add-ons/frontpage/conf/httpd.conf
    /usr/local/apache/conf/original/httpd.conf
    /usr/local/apache/conf/httpd.conf
    /usr/local/apache/conf_pre_ea3/original/httpd.conf
    /usr/local/apache/conf_pre_ea3/httpd.conf

    i have remove it from
    /usr/local/apache/conf_pre_ea3/httpd.conf
    and
    /usr/local/apache/conf/httpd.conf

    but htaccess addtyme and addhandler is working yet
    did i must restart something?
  9. bt5

    bt5 New Member

    after restart Apache it disabled! also SEO is disable from my server i ddt want disable SEO
  10. mistwang

    mistwang LiteSpeed Staff

    There is no way to around it, if you disable "FileInfo", all configuration require "FileInfo" override will be disabled too. You have to make decisions based on what is the most important to you.
  11. bt5

    bt5 New Member

    i'm said in my apache i have some httpd file and perl was disabled htaccess ddt work for active perl, htaccess just work for server rules
    but on your apache its work for any thing

    my mean is when i Switch to Apache perl is disable and when Switch to LiteSpeed perl work
  12. mistwang

    mistwang LiteSpeed Staff

  13. bt5

    bt5 New Member

    thank you! fixed

Share This Page