2015-06-09 11:50:00 +02:00
|
|
|
[[!meta date="2010-03-14 14:58:13 -0400"]]
|
|
|
|
|
2010-03-14 19:58:13 +01:00
|
|
|
If you try to include a `.htaccess` file in your wiki's source, in order to
|
|
|
|
configure the web server, you'll find that ikiwiki excludes it from
|
|
|
|
processing. In fact, ikiwiki excludes any file starting with a dot, as well
|
|
|
|
as a lot of other files, for good security reasons.
|
|
|
|
|
|
|
|
You can tell ikiwiki not to exclude the .htaccess file by adding this to
|
|
|
|
your setup file:
|
|
|
|
|
|
|
|
include => '^\.htaccess$',
|
|
|
|
|
|
|
|
Caution! Before you do that, please think for a minute about who can edit
|
|
|
|
your wiki. Are attachment uploads enabled? Can users commit changes
|
|
|
|
directly to the version control system? Do you trust everyone who can
|
|
|
|
make a change to not do Bad Things with the htaccess file? Do you trust
|
|
|
|
everyone who *might* be able to make a change in the future? Note that a
|
|
|
|
determined attacker who can write to the htaccess file can probably get a
|
|
|
|
shell on your web server.
|
|
|
|
|
|
|
|
If any of these questions have given you pause, I suggest you find a
|
|
|
|
different way to configure the web server. One way is to not put the
|
|
|
|
`.htaccess` file under ikiwiki's control, and just manually install it
|
2010-03-14 20:28:50 +01:00
|
|
|
in the destdir. --[[Joey]]
|
2010-03-14 19:58:13 +01:00
|
|
|
|
2010-03-14 20:30:18 +01:00
|
|
|
[Apache's documentation](http://httpd.apache.org/docs/2.2/howto/htaccess.html)
|
2010-03-14 20:26:24 +01:00
|
|
|
says:
|
2010-03-14 19:58:13 +01:00
|
|
|
> In general, you should never use .htaccess files unless you don't have
|
|
|
|
> access to the main server configuration file.
|