Opened 11 years ago
Closed 10 years ago
#419 closed enhancement (wontfix)
one-time "Deny from all"-scan in .htaccess files
| Reported by: | Martijn van der Lee | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.3.x |
| Keywords: | Cc: | ||
| uname -a: | Linux vps 3.2.0-53-generic #81-Ubuntu SMP Thu Aug 22 21:01:03 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: | 1.1.19 | ||
Description
.htaccess is evil and Nginx shouldn't support it or anything remotely like it.
However, a lot of 3rd party web applications still come supplied with .htaccess files, mostly simply to make directories inaccessible.
Would it be possible to implement an optional scan for .htaccess files when (re-)loading the nGinx configuration that is either smart enough to recognize the common "Order allow,deny
Deny from all" construct or simply denies access to any directory tree with a .htaccess file?
Alternatively perhaps a stand-alone command line tool that scans a directory for .htaccess files and outputs an equivalent Nginx configuration for select Apache features, to make it easier to install web applications that assume Apache.
There are no plans to implement such an option or a tool.