[Pmwiki-users] more thoughts on .htaccess

Joachim Durchholz jo
Sat Dec 11 04:18:55 CST 2004 

Neil Herber wrote:
> Note that the page *does not* advocate the "httpd.conf solution", but
> it is mentioned since the Apache 2 docs make a fairly big deal about
> it.

I know :-)

It's because Apache has to server the single-purpose-static-pages case.

For typical Wiki administrators, ease of administration is far more
important than getting the last 10% squeezed out of an implementation.
Unfortunately, ease of administration is far more difficult to measure
than efficiency, so efficiency gets undue attention. (Apache
configuration is far too complicated for 99% of all server
installations, but one of the reason why it's complicated is that it
gives you many, many things to tweak for efficiency.)

I'm still convinced that "AllowOverride None" doesn't even deserve
mention in the PmWiki docs. I believe that anybody desperate enough to
take this route should read the Apache docs and check all the other
efficiency tweaks that Apache allows. Even more importantly, he should
know what he's doing - blindly applying efficiency recipes will give you
a modestly efficient, unmaintainable installation. That's a route that I
don't recommend newbies on, and seasoned Apache veterans will know about
this anyway.

> I feel that the page that I created here: 
> http://www.pmwiki.org/wiki/Cookbook/WebServerSecurity
> 
> has some value, because with a default install of Apache 2, .htaccess
> files are ignored. It provides some sample URLs to test your
> .htaccess and make sure it is working.
> 
> Can you scan this page and let me know if there are any errors or if 
> it is worth the electrons it takes to serve it? ;->

You could drop the "Deny from all" entry ("from all" is the default 
setting), but it's custom to add it, it has no adverse effects other 
than minimally slowing server start-up, and it helps document the intent.

My point is just that the "Other Notes" section could be dropped. If 
efficiency is a top-priority concern, you shouldn't run a Wiki anyway ;-)

Otherwise, the page is correct though I'd recommend getting a bit more 
into detail. I'd target the page for somebody who's freshly installed 
XAMPP and doesn't have much of an idea how it all fits together.
... well, I'm just editing the page. Take a look at it and see if you 
want to keep your name :-)
(I'm leaving the "Other notes" section in, but I'd still recommend 
removing it.)

Regards,
Jo

More information about the pmwiki-users mailing list