by Pahalial 5497 days ago
As usual, allow the smallest subset of functionality which still permits legitimate uses. In these cases they're relying on .htaccess files being allowed specific overrides - FileInfo and Options being the most powerful ones.

'AllowOverride AuthConfig Indexes' is generally relatively safe (in my humble experience) - I'd be scared to see an htshell like these with just those.
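
An added example, not part of the original comment: a small Python audit that flags `<Directory>` blocks whose `AllowOverride` grants FileInfo, Options or All, the classes named above. The sample configuration, its paths and the function name `audit_allowoverride` are constructed for illustration.

```python
import re

# Override classes the comment above singles out as the most powerful;
# "All" is flagged too because it includes both.
RISKY = {"fileinfo", "options", "all"}

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
<Directory "/var/www/shared">
    AllowOverride All
</Directory>
<Directory "/var/www/blog">
    # AllowOverride FileInfo
    AllowOverride AuthConfig Indexes
</Directory>
<Directory "/var/www/app">
    AllowOverride AuthConfig \\
        Options=Indexes,MultiViews FileInfo
</Directory>
<Directory "/var/www/static">
    AllowOverride None
</Directory>
"""

def audit_allowoverride(conf_text):
    """Return [(directory, [risky classes])] for each risky AllowOverride line."""
    # Join backslash-continued lines, as Apache does before parsing.
    text = re.sub(r"\\\r?\n", " ", conf_text)
    findings, stack = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            stack.append(opened.group(1))
            continue
        if line.lower().startswith("</directory"):
            if stack:
                stack.pop()
            continue
        m = re.match(r"AllowOverride\s+(.+)", line, re.I)
        if m:
            # "Options=Indexes,MultiViews" still belongs to the Options class.
            classes = [tok.split("=")[0].lower() for tok in m.group(1).split()]
            risky = sorted(set(classes) & RISKY)
            if risky:
                findings.append((stack[-1] if stack else "<server config>", risky))
    return findings
```
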