The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AllowOverride Apache 2.4 question

Discussion in 'EasyApache' started by xanadu, Mar 29, 2017.

  1. xanadu

    xanadu Member

    Joined:
    Sep 25, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    151
    We recently transferred a site using the Transfer tool (which we really like) but after the transfer the website kept giving server error messages. The particular website, predominately PHP, apparently needs the httpd.conf file edited to AllowOverride All to enable their .htaccess file to make changes.

    In Apache 2.2 the default was AllowOverride All but in Apache 2.4 the default is AllowOverride None. My question is by overriding the default in Apache 2.4 are we risking security issues?

    Thanks for any guidance you can give us.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can find discussion on the security aspect of that setting on the following StackOverflow threads:

    Security question about httpd.conf AllowOverride setting
    AllowOverride security issues

    Information about how this setting works is documented at:

    core - Apache HTTP Server Version 2.4

    Note there's also some performance issues to consider. In cPanel 64, the following option is available under "WHM Home » Service Configuration » Apache Configuration » Global Configuration":

    Optimize .htaccess (AllowOverride)

    Per it's description:

    Reduce the paths Apache will check for “.htaccess” files. Reducing the number of places Apache has to look for .htaccess files can significantly boost server performance.

    Thank you.
     
    xanadu likes this.
Loading...

Share This Page