httpd.conf AllowOverride All

apache .htaccess codeigniter httpd.conf
48,089

AllowOverride directive is used to allow the use of .htaccess within the web server to allow overriding of the Apache config on a per directory basis. I believe CI uses mod_rewrites to make it work correctly. That's why it only works when you have AllowOverride All because you are telling the webserver to allow the use of an .htaccess file which CI uses. That's the simple answer. It's not about security per say, it's for the use of .htaccess files.

You will most likely have to use AllowOverride All to use codeigniter because that's the way it works. There shouldn't be any major security concerns with using this directive. Security wise you should be fine. Just don't use AllowOverride All in a <Directory /> block.

Only use it in a specific web directory only. This below is what you have now and should be fine with AllowOverride All.

<Directory "c:/Apache24/htdocs">

if it wasn't for this directive, .htaccess files would not work. Have a look at the documentation for more detailed explanation.

http://httpd.apache.org/docs/current/mod/core.html#allowoverride

Share:
48,089
Smudger
Author by

Smudger

Updated on July 09, 2022

Comments

  • Smudger
    Smudger almost 2 years

    I am trying to remove the index.php from my codeigniter URL. I have apache24 with codeigniter and ion auth. The only way I can get this to work is by allowing AllowOverride All.

    The relevant code is:

    <Directory "c:/Apache24/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

    Using AllowOverride None this returns a 404 error code. Using AllowOverride All it works.

    What are the security implications with this on a production server?

  • Apurva Kunkulol
    Apurva Kunkulol over 6 years
    What are the implications of using the AllowOverride All in <Directory /> block?
  • MrWhite
    MrWhite almost 6 years
    @ApurvaKunkulol That would permit Apache to search for .htaccess files all the way up to the server root. Apart from being unnecessary, the Apache docs specifically warn against this for "security and performance" reasons.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to setup ssl using only .htaccess file
CodeIgniter .htaccess index.php rewrite not working on user directory
500 Internal Server Error in codeigniter
500 Internal Server Error in CodeIgniter application
Codeigniter URL rewriting .htaccess is not working on CentOS
Redirect all but one file in a directory via httpd.conf / htaccess
PHP / Apache how to set session.cookie_domain from outside php.ini
Nginx rewrite rule for CodeIgniter
Options FollowSymLinks or SymLinksIfOwnerMatch is off
.htaccess: RewriteEngine not allowed here