AllowOverride inside .htaccess

**AndrewT** · 01-06-2008, 09:08 AM

Please clarify as to what you mean in regards to disabling .htaccess? If you don't have a .htaccess file, it won't be used. If there is one there, it will be used.

**Zalman** · 01-06-2008, 10:29 AM

More info

I am trying to set up space that users can upload files (untrusted) and I would like to "sandbox" this area. Now, its rather easy to disable code execution, ie perl or cgi, with .htaccess (with AddHandler default-handler .cgi .pl .shtml). THE PROBLEM is users can upload .htaccess files! By that they can reverse this action.

I looked up this issue and found the AllowOverride apache directive is allowed only in a Directory directive, which in turn is allowd only in a configuration file.

So my question is can I have a line added in the configuration file, that looks like:

<Directory /home/xxxxxxx/public_html/sites/sendbox>
AllowOverride none
</Directory>
?

thanks in advance

**AndrewT** · 01-06-2008, 10:32 AM

Unfortunately a custom change like this would just get wiped out by cPanel almost every day. If you are using a script to upload I would make sure that it does not allow .htaccess files to be uploaded. If you're giving them FTP access you could give them access to a directory outside of your public_html.

**Zalman** · 01-06-2008, 10:42 AM

Originally posted by AndrewT

Unfortunately a custom change like this would just get wiped out by cPanel almost every day. If you are using a script to upload I would make sure that it does not allow .htaccess files to be uploaded. If you're giving them FTP access you could give them access to a directory outside of your public_html.

I dont understand what you mean by: it would get wipped out by cpanel?

I meant inserting it in the apache configuration file.

**AndrewT** · 01-06-2008, 10:46 AM

Yes, I know what you meant. cPanel controls everything that is in the Apache configuration, whenever cPanel updates/refreshes it, the custom change that you are wanting will get removed. This is not a solution to your problem.

**Zalman** · 01-06-2008, 11:03 AM

Originally posted by AndrewT

Yes, I know what you meant. cPanel controls everything that is in the Apache configuration, whenever cPanel updates/refreshes it, the custom change that you are wanting will get removed. This is not a solution to your problem.

Maybe there is a way to tell cpanel you want a custom addition?

I am trying to build a nice site based on that.

Thanks in advance
-Meni

**AndrewT** · 01-06-2008, 11:05 AM

Modifying the Apache configuration is not going to be a good and reliable solution to your problem. You'll need to figure out alternative methods to accomplish the task. I noted a couple options in an earlier response.

AllowOverride inside .htaccess

AllowOverride inside .htaccess

Comment

Comment

Comment

Comment

Comment

Comment

Comment