Important Changes to Apache directives and options supported in .htaccess files

Status
Not open for further replies.

Bryon

I Fix Things
Messages
8,149
Reaction score
101
Points
48
This afternoon we rolled out an update across all of our free web hosting servers. The update made some changes to the directives that we allow accounts to specify in .htaccess files. The change today doesn't impact the vast majority of accounts - they will continue to operate as they always have. If you don't see any problems on your website then this post doesn't affect you.

All directives (or groupings) and options in the following list are allowed.

Directives groups and their individual directives allowed:

Code:
AuthConfig (All) - AuthName, AuthType, AuthUserFile, Require, etc.
FileInfo (All) - ErrorDocument, SetOutputFilter, Header, RewriteEngine, RewriteCond, RewriteRule, Redirect, RedirectMatch, etc.
Indexes (All) - DirectoryIndex, etc.
Limit (All) - Allow, Deny, Order


Options allowed:

Code:
Indexes
MultiViews
FollowSymLinks


For a complete listing of directives per group please see: http://httpd.apache.org/docs/2.4/mod/core.html#allowoverride

If you are using a directive or option that is disallowed you may have started receiving HTTP 500 or HTTP 403 permission denied errors this afternoon. There are a few accounts we've seen that have bad .htaccess lines such as the following:

Code:
Options All


To identify the lines that are causing the issue you should update your .htaccess file and prefix each line by "#" - then reload the page to confirm the error disappeared. Once it has, go through the .htaccess file line by line, removing the # and reloading, until the error returns.

If you need assistance please open a new support thread and provide us with the contents of your .htaccess file.
 
Last edited:
Status
Not open for further replies.
Top