Ccna final exam - java, php, javascript, ios, cshap all in one. This is a collaboratively edited question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
Monday, June 11, 2012
Check AllowOverride value using PHP?
Is there anyway to use PHP to check the value of AllowOverride too see if .htaccess will have any effect?
If you have http access to the folder you want to check this for, you could write something into the .htaccess file that will trigger a certain kind of output.
For example, you could set a header (this has an added dependency on mod_headers, though):
<FilesMatch "\.(php)$"> <IfModule mod_headers.c> Header set htaccess_works "yes" </IfModule> </FilesMatch>
then make a request from PHP, and check the response headers, e.g. using curl's CURLOPT_HEADER. If they contain the htaccess_works header, it works.
Another method that is terrible but guaranteed to work independently from specific Apache modules is to programmatically write gibberish into the .htaccess file, then to make a curl request like above, and to check for a 500 status code. If it throws a 500, the .htaccess file got interpreted. But as said, this is terrible - if possible, go with the headers method instead.
AllowOverride can be set to None or All, but as well to a specific list of terms: AuthConfig, FileInfo, Indexes, Limit, Options. So you could be allowed to use a Header instruction but not Deny, for example.
So a way to test the real value of AllowOverride is to add this to your .htaccess:
#AuthConfig AuthName "Secret" #FileInfo ErrorDocument 404 index.php #Indexes DefaultIcon /icon/unknown.xbm #Limit Allow From All #Options Options FollowSymLinks
Then if you have an 500 error comment lines to detect which words (sections) are forbidden. You'll get an error 500 until you remove every forbidden instruction. When you'll know the allowed sections you'll have to check the documentation for the complete list of allowed instructions.
If you do not have any error you have AllowOverride None or All. Then alter the Deny/Allow to:
Deny From All
If you have the 403 result it's a AllowOverride All.
I am not aware of a clean, direct way to do this.
ReplyDeleteIf you have http access to the folder you want to check this for, you could write something into the .htaccess file that will trigger a certain kind of output.
For example, you could set a header (this has an added dependency on mod_headers, though):
<FilesMatch "\.(php)$">
<IfModule mod_headers.c>
Header set htaccess_works "yes"
</IfModule>
</FilesMatch>
then make a request from PHP, and check the response headers, e.g. using curl's CURLOPT_HEADER. If they contain the htaccess_works header, it works.
Another method that is terrible but guaranteed to work independently from specific Apache modules is to programmatically write gibberish into the .htaccess file, then to make a curl request like above, and to check for a 500 status code. If it throws a 500, the .htaccess file got interpreted. But as said, this is terrible - if possible, go with the headers method instead.
In complement to @Pekka response:
ReplyDeleteAllowOverride can be set to None or All, but as well to a specific list of terms:
AuthConfig, FileInfo, Indexes, Limit, Options. So you could be allowed to use a Header instruction but not Deny, for example.
So a way to test the real value of AllowOverride is to add this to your .htaccess:
#AuthConfig
AuthName "Secret"
#FileInfo
ErrorDocument 404 index.php
#Indexes
DefaultIcon /icon/unknown.xbm
#Limit
Allow From All
#Options
Options FollowSymLinks
Then if you have an 500 error comment lines to detect which words (sections) are forbidden. You'll get an error 500 until you remove every forbidden instruction. When you'll know the allowed sections you'll have to check the documentation for the complete list of allowed instructions.
If you do not have any error you have AllowOverride None or All. Then alter the Deny/Allow to:
Deny From All
If you have the 403 result it's a AllowOverride All.