[Pmwiki-users] more thoughts on .htaccess

Patrick R. Michaud pmichaud
Tue Dec 7 06:52:24 CST 2004


On Mon, Dec 06, 2004 at 08:47:44PM -0500, Neil Herber wrote:
> In the .htaccess tutorial [...]
> they suggest that to improve performance, all the configuration done using 
> per-directory .htaccess files should be moved into the main httpd.conf 
> file. The .htaccess file in the PmWiki "local/" directory ignores this 
> advice.

Well, the .htaccess file in PmWiki is really there to protect people
who (1) might forget that the scripts in local/ are accessible to the
web, and (2) might not know what #1 means.  :-)  The goal is to keep
installation and configuration as simple and accessible as possible
(PmWikiPhilosophy #5), and deal with performance issues once everything is
working.  Plus the performance hit that comes from having a .htaccess 
file isn't that big, relatively speaking.

It's pretty easy for someone who knows a little about Apache configuration to
tune PmWiki's .htaccess files and other files for better performance in
their specific environment.  The docs are mainly aimed at those who aren't
familiar with webserver configuration.

It might be worthwhile to create a Cookbook entry on improving PmWiki
and webserver performance.

> Should there be similar protection applied to the "uploads/" directory to 
> keep people from uploading scripts and executing them?

Well, you don't want to block access to the uploads/ directory entirely,
else people won't be able to get to the uploads.  By default PmWiki 
already blocks the uploading of scripts and other files with unwanted 
file extensions.

(BTW, pmwiki.org *allows* uploading of .php files to the Cookbook, 
because I've put a .htaccess file in place that prevents them from being 
executed by the webserver.  But otherwise .php files are blocked by
default.)

Pm



More information about the pmwiki-users mailing list