Please also check the known bugs page.
AuthGroupFile
-specified group file
format allows commas between user names - Apache does not.AddType
only accepts one file extension per line, without
any dots (.
) in the extension, and does not take full filenames.
If you need multiple extensions per type, use multiple lines, e.g.
AddType application/foo foo
AddType application/foo bar
To map .foo
and .bar
to application/foo
If you follow the NCSA guidelines for setting up access restrictions
based on client domain, you may well have added entries for,
AuthType, AuthName, AuthUserFile
or AuthGroupFile
.
None of these are needed (or appropriate) for restricting access
based on client domain.
When Apache sees AuthType
it (reasonably) assumes you
are using some authorization type based on username and password.
Please remove AuthType
, it's unnecessary even for NCSA.
AuthUserFile
requires a full pathname. In earlier
versions of NCSA httpd and Apache, you could use a filename
relative to the .htaccess file. This could be a major security hole,
as it made it trivially easy to make a ".htpass" file in the a
directory easily accessible by the world. We recommend you store
your passwords outside your document tree.
OldScriptAlias
is no longer supported.
exec cgi=""
produces reasonable malformed header
responses when used to invoke non-CGI scripts.exec cmd=""
instead.
We might add virtual
support to exec cmd
to
make up for this difference.
.asis
files: Apache 0.6.5 did not require a Status header;
it added one automatically if the .asis file contained a Location header.
0.8.14 requires a Status header.