welcome: please sign in

The following 188 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
able   add   Afterword   all   All   allow   allowing   also   among   an   and   any   Anyone   anywhere   Apache   arbitrary   are   as   at   available   be   become   before   believe   break   but   by   can   carefully   Certain   certainly   come   common   configuration   configure   configuring   content   contrast   control   conventions   Coop   could   counterparts   creating   Crucially   daemons   defaults   different   directive   directives   disabling   documentation   doesn   doing   Dom   domtool   don   done   eats   Every   everyone   exactly   Examples   expect   files   flag   flags   For   for   found   from   gotten   has   have   hcoop   host   how   htaccess   http   improperly   in   In   includes   infinite   instance   Instead   is   It   it   its   itself   just   language   learn   learning   letting   library   like   list   looking   loop   maliciously   members   most   need   net   never   new   not   objectively   of   on   One   or   other   override   pain   people   post   processes   promise   prose   proxy   proxying   quickly   re   reading   reasons   reference   regular   request   Rewrite   rewrite   right   Rule   security   see   set   should   shown   site   sites   some   Somehow   specify   standard   stored   suggestion   suggestions   superior   support   syntactic   sysadmin   system   take   that   The   the   This   this   through   time   to   Tool   type   understand   uniform   unsupported   up   use   used   using   validates   vetted   way   we   We   web   welcome   when   which   whitelist   with   With   won   worth   you   your  

Clear message
Edit

DomTool / WhyNoHtaccess

One common way of configuring Apache web sites is through ".htaccess files," which are files stored among your regular web site content that specify new configuration to override Apache's defaults. HCoop doesn't support .htaccess files for security reasons. Certain directives can break other people's web sites when used improperly or maliciously. This includes some of the most common directives found in .htaccess files, like RewriteRule. With the right flags, you can set up a proxying rewrite from Apache to itself, creating an infinite loop that quickly eats up all available Apache processes, disabling Apache for everyone.

Instead, you can configure your web sites using DomTool, as shown on DomTool/Examples. All of the most common Apache directives have DomTool counterparts, and we can add counterparts to unsupported Apache directives on request. Crucially, DomTool validates all configuration you request before letting Apache see it. For instance, DomTool won't allow you to use rewriteRule directives with the proxy flag P.

It can certainly be a pain to learn DomTool when you're used to Apache's configuration language, but we believe that the DomTool language is objectively superior to Apache's language. DomTool can also be used to control a host of different daemons, not just Apache, in a uniform way. Every Apache directive has arbitrary syntactic conventions that you need to learn by reading prose documentation. In contrast, by learning DomTool's type system, you become able to understand how to use any directive just by looking at its type, which can be found in the standard library reference. We don't expect most members to take the time to learn the type system, but we promise that it's worth doing.

Afterword: The suggestion of allowing .htaccess files that use directives from a carefully-vetted whitelist has come up before. Somehow it's never gotten anywhere. Anyone is welcome to post suggestions on exactly how this could/should be done on the hcoop-sysadmin list.

DomTool/WhyNoHtaccess (last edited 2008-07-07 04:27:49 by localhost)