Opened 11 years ago

Closed 10 years ago

#419 closed enhancement (wontfix)

one-time "Deny from all"-scan in .htaccess files

Reported by: Martijn van der Lee Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.3.x
Keywords: Cc:
uname -a: Linux vps 3.2.0-53-generic #81-Ubuntu SMP Thu Aug 22 21:01:03 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: 1.1.19


.htaccess is evil and Nginx shouldn't support it or anything remotely like it.

However, a lot of 3rd party web applications still come supplied with .htaccess files, mostly simply to make directories inaccessible.

Would it be possible to implement an optional scan for .htaccess files when (re-)loading the nGinx configuration that is either smart enough to recognize the common "Order allow,deny
Deny from all" construct or simply denies access to any directory tree with a .htaccess file?

Alternatively perhaps a stand-alone command line tool that scans a directory for .htaccess files and outputs an equivalent Nginx configuration for select Apache features, to make it easier to install web applications that assume Apache.

Change History (1)

comment:1 by Maxim Dounin, 10 years ago

Resolution: wontfix
Status: newclosed

There are no plans to implement such an option or a tool.

Note: See TracTickets for help on using tickets.