发表新帖
发表新帖

Check AllowOverride value using PHP?

后端 未结
关注
3 1610
萌比男神i
萌比男神i 2021-01-04 12:47

Is there anyway to use PHP to check the value of AllowOverride too see if .htaccess will have any effect?

相关标签:
3条回答
  • 夕颜
    2021-01-04 13:24

    Easiest way

    Add: show-error in the first line on your page an load domain via browser to trigger a 50x error

    Another method that is terrible but guaranteed to work independently from specific Apache modules is to programmatically write gibberish into the .htaccess file, then to make a curl request like above, and to check for a 500 status code. If it throws a 500, the .htaccess file got interpreted. But as said, this is terrible - if possible, go with the headers method instead.

    0 讨论(0)
  • 太阳男子
    2021-01-04 13:25

    In complement to @Pekka response:

    AllowOverride can be set to None or All, but as well to a specific list of terms: AuthConfig, FileInfo, Indexes, Limit, Options. So you could be allowed to use a Header instruction but not Deny, for example.

    So a way to test the real value of AllowOverride is to add this to your .htaccess:

    #AuthConfig
AuthName "Secret"
#FileInfo
ErrorDocument 404 index.php
#Indexes
DefaultIcon /icon/unknown.xbm 
#Limit
Allow From All
#Options
Options FollowSymLinks

    Then if you have an 500 error comment lines to detect which words (sections) are forbidden. You'll get an error 500 until you remove every forbidden instruction. When you'll know the allowed sections you'll have to check the documentation for the complete list of allowed instructions.

    If you do not have any error you have AllowOverride None or All. Then alter the Deny/Allow to:

    Deny From All

    If you have the 403 result it's a AllowOverride All.

    0 讨论(0)
  • 一整个雨季
    2021-01-04 13:48

    I am not aware of a clean, direct way to do this.

    If you have http access to the folder you want to check this for, you could write something into the .htaccess file that will trigger a certain kind of output.

    For example, you could set a header (this has an added dependency on mod_headers, though):

    <FilesMatch "\.(php)$">
<IfModule mod_headers.c>
Header set htaccess_works "yes"
</IfModule>
</FilesMatch>

    then make a request from PHP, and check the response headers, e.g. using curl's CURLOPT_HEADER. If they contain the htaccess_works header, it works.

    Another method that is terrible but guaranteed to work independently from specific Apache modules is to programmatically write gibberish into the .htaccess file, then to make a curl request like above, and to check for a 500 status code. If it throws a 500, the .htaccess file got interpreted. But as said, this is terrible - if possible, go with the headers method instead.

    0 讨论(0)
 看不清?
提交回复
热议问题