Comment by dylan604

4 days ago

is that something that could have be done in the dot file for server override? what was it, .htaccess or something?

9 comments

dylan604

Reply
throwanem  4 days ago

Sure, if you wanted to deal with configuring Apache. Or getting your hosting provider to do that. If you knew to ask, and didn't mind waiting, and your hosting provider knew how...and was willing to do it, a condition I forgot to add in my last comment here, but which applies equally there. (User-provided .htaccess files were the source of a number of relatively high-profile early CVEs, as I recall. Apache grew a number of options for trusting their content, and I want to say before very long you could not rely on anything working past simple HTTP-Basic credential management.)

Oldschool shared web hosting was a shockingly deprived environment by modern standards, which is why my Linode account turned old enough a few months ago to buy a drink in a bar: $20 a month in 2004 was amply worth gaining a degree of control over web server configuration which is broadly the default assumption now.

Since I was also administering some shared web hosting in my own right at the time - partially overlapping with my web design work targeting shared hosting, since some customers preferred to BYO - I don't blame admins for being difficult to work with; we all had good reason to be, with the afterthought security typically was everywhere in those days. But you begin perhaps to see why bypassing the whole rigamarole with a hint to the client was attractive.

  • dylan604  4 days ago

    but that was the point of the dot file to allow vhosts to change the default server settings without needing access to the root config. maybe they weren't designed specifically for vhosts, but that was my main use of them.

    • throwanem  4 days ago

      Yes. If the main Apache config was set up to allow it to read a dotfile, and if configured not to ignore the options you wanted to use, that is what the dotfile did. That's why, if you wanted an option easily portable across hosting providers, you used the meta tag instead. Which is my point, and my only point, and not really up for debate by some pettifogging rando with nothing better to fill a Saturday night.

      5 replies →

astrange  4 days ago

Ever tried doing it in nginx? You'll find `add_header` doesn't work at all the way you think it does.

And it doesn't allow overrides in dotfiles since that's not performant or secure.