logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: [Solved] Option not allowed in .htaccess
Author
Jan-E



Joined: 09 Mar 2012
Posts: 1266
Location: Amsterdam, NL, EU

PostPosted: Tue 11 Dec '18 12:13    Post subject: [Solved] Option not allowed in .htaccess Reply with quote

In our Apache config only some Options are included in the AllowOverride list. If you disable CGI Access for a domain in Directadmin it is not allowed to override ExecCGI for that domain. A .htaccess (generated from a template) contained the following lines:

Code:
<IfModule mod_cgi.c>
  Options -ExecCGI
</IfModule>

This was causing an Error 500: Option ExecCGI not allowed here

Workaround was to allow CGI Access, only to be able to disable it in .htaccess. There must be better ways to do this.

1. Is there a way in .htaccess to know if ExecCGI is on?
2. Is there a way in .htaccess to detect if we are allowed to Override ExecCGI?


Last edited by Jan-E on Mon 20 Jun '22 18:26; edited 1 time in total
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Tue 11 Dec '18 16:42    Post subject: Reply with quote

Hi Jan,
I haven't tested it, but I can think of an "If expression".

Code:

<If "%{HANDLER} == 'cgi-script'">
Require all denied
</If>



What I already tested as working in REAL WORLD is
Code:

<If "%{HTTP_HOST} == 'stage.example.com'">
    AuthType basic
    AuthName "private"
    AuthUserFile /home/example/.htpasswd
    Require valid-user
</If>


See https://httpd.apache.org/docs/2.4/expr.html and https://httpd.apache.org/docs/2.4/handler.html
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Thu 13 Dec '18 11:22    Post subject: Reply with quote

Well I found by accident today AllowOverrideList [1]

That might be an option for you.

[1] https://httpd.apache.org/docs/2.4/en/mod/core.html#allowoverridelist
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Fri 14 Dec '18 12:01    Post subject: Reply with quote

I tested it a bit and what worked

Code:

AllowOverride     Options=None
AllowOverrideList RewriteEngine RewriteBase RewriteCond RewriteRule
Back to top


Reply to topic   Topic: [Solved] Option not allowed in .htaccess View previous topic :: View next topic
Post new topic   Forum Index -> Apache