httpd.conf AllowOverride全部 [英] httpd.conf AllowOverride All

问题描述

我正在尝试从我的codeigniter URL中删除index.php。我有带有codeigniter和ion auth的apache24。使此工作正常运行的唯一方法是允许 AllowOverride All 。

I am trying to remove the index.php from my codeigniter URL. I have apache24 with codeigniter and ion auth. The only way I can get this to work is by allowing AllowOverride All.

相关代码为：

<Directory "c:/Apache24/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

使用 AllowOverride None 会返回404错误码。使用 AllowOverride All 可以正常工作。

Using AllowOverride None this returns a 404 error code. Using AllowOverride All it works.

在生产服务器上使用此功能有什么安全隐患？

What are the security implications with this on a production server?

推荐答案

AllowOverride 指令用于允许使用。 htaccess 允许在每个目录的基础上覆盖Apache配置。我相信CI使用mod_rewrites使其正常工作。这就是为什么它仅在具有 AllowOverride All 时起作用的原因，因为您告诉网络服务器允许使用CI使用的.htaccess文件。这就是简单的答案。并不是说安全性，而是用于 .htaccess 文件。

AllowOverride directive is used to allow the use of .htaccess within the web server to allow overriding of the Apache config on a per directory basis. I believe CI uses mod_rewrites to make it work correctly. That's why it only works when you have AllowOverride All because you are telling the webserver to allow the use of an .htaccess file which CI uses. That's the simple answer. It's not about security per say, it's for the use of .htaccess files.

您很可能不得不使用 AllowOverride All 来使用codeigniter，因为这是它的工作方式。使用此指令不应引起任何重大的安全问题。安全方面，您应该没问题。只是不要在<目录/> 块中使用 AllowOverride All 。

You will most likely have to use AllowOverride All to use codeigniter because that's the way it works. There shouldn't be any major security concerns with using this directive. Security wise you should be fine. Just don't use AllowOverride All in a <Directory /> block.

仅在特定的Web目录中使用它。下面是您现在拥有的，使用 AllowOverride All 应该可以。

Only use it in a specific web directory only. This below is what you have now and should be fine with AllowOverride All.

<目录 c：/ Apache24 / htdocs>

如果不是该指令，则 .htaccess 文件将不起作用。请查看文档以获取更详细的说明。

if it wasn't for this directive, .htaccess files would not work. Have a look at the documentation for more detailed explanation.

http://httpd.apache.org/docs/current/mod/core.html#allowoverride

这篇关于httpd.conf AllowOverride全部的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！