Apace2 default configuration incorrect for allowoverride
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: apache2
The configuration file under /etc/apache2/
The values at install are :
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride none
Order allow,deny
allow from all
</Directory>
Whereas, for mod_rewrite to work correctly, they should be
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
For the record, I have chaged the first and second AllowOverride to All.
The caps A seems to be *VERY* important.
Values at install-time with current Intrepid/apache2 are:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
Those are syntactically- correct, sensible and secure default values.
It's true that if you want to do mod_rewrite with .htaccess files, you'll need to change some AllowOverride to allow parsing the .htaccess files. That doesn't mean the default configuration shipped with Apache should change ?