From 823ec815d4fc9625d6fa3553ad03e9f2ff737659 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 14 Mar 2010 14:58:13 -0400 Subject: Add a include setting, which can be used to make ikiwiki process wiki source files, such as .htaccess, that would normally be skipped for security or other reasons. Closes: #447267 (Thanks to Aaron Wilson for the original patch.) --- doc/tips/htaccess_file.mdwn | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 doc/tips/htaccess_file.mdwn (limited to 'doc/tips/htaccess_file.mdwn') diff --git a/doc/tips/htaccess_file.mdwn b/doc/tips/htaccess_file.mdwn new file mode 100644 index 000000000..5266eba41 --- /dev/null +++ b/doc/tips/htaccess_file.mdwn 
@@ -0,0 +1,30 @@ +If you try to include a `.htaccess` file in your wiki's source, in order to +configure the web server, you'll find that ikiwiki excludes it from +processing. In fact, ikiwiki excludes any file starting with a dot, as well +as a lot of other files, for good security reasons. + +You can tell ikiwiki not to exclude the .htaccess file by adding this to +your setup file: + + include => '^\.htaccess$', + +Caution! Before you do that, please think for a minute about who can edit +your wiki. Are attachment uploads enabled? Can users commit changes +directly to the version control system? Do you trust everyone who can +make a change to not do Bad Things with the htaccess file? Do you trust +everyone who *might* be able to make a change in the future? Note that a +determined attacker who can write to the htaccess file can probably get a +shell on your web server. + +If any of these questions have given you pause, I suggest you find a +different way to configure the web server. One way is to not put the +`.htaccess` file under ikiwiki's control, and just manually install it +in the destdir. + +[Apache's documentation](http://httpd.apache.org/docs/1.3/howto/htaccess.html) +says +> In general, you should never use .htaccess files unless you don't have +> access to the main server configuration file. +This is good advice -- if you can edit apache's main configuration files, +then you should not use a htaccess file. +--[[Joey]] -- cgit v1.2.3 From ceadd862930411fed21eab16c428227fdcdc10ba Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 14 Mar 2010 15:26:24 -0400 Subject: update --- doc/tips/htaccess_file.mdwn | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'doc/tips/htaccess_file.mdwn') diff --git a/doc/tips/htaccess_file.mdwn b/doc/tips/htaccess_file.mdwn index 5266eba41..7b4b0901a 100644 --- a/doc/tips/htaccess_file.mdwn +++ b/doc/tips/htaccess_file.mdwn 
@@ -22,9 +22,7 @@ different way to configure the web server. One way is to not put the in the destdir. [Apache's documentation](http://httpd.apache.org/docs/1.3/howto/htaccess.html) -says +says: > In general, you should never use .htaccess files unless you don't have > access to the main server configuration file. -This is good advice -- if you can edit apache's main configuration files, -then you should not use a htaccess file. --[[Joey]] -- cgit v1.2.3 From d958e96b01ca459055b2c34f140f7c6ec7168f92 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 14 Mar 2010 15:28:50 -0400 Subject: update --- doc/tips/htaccess_file.mdwn | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'doc/tips/htaccess_file.mdwn') diff --git a/doc/tips/htaccess_file.mdwn b/doc/tips/htaccess_file.mdwn index 7b4b0901a..0c1b0f2f7 100644 --- a/doc/tips/htaccess_file.mdwn +++ b/doc/tips/htaccess_file.mdwn @@ -19,10 +19,9 @@ shell on your web server. If any of these questions have given you pause, I suggest you find a different way to configure the web server. One way is to not put the `.htaccess` file under ikiwiki's control, and just manually install it -in the destdir. +in the destdir. --[[Joey]] [Apache's documentation](http://httpd.apache.org/docs/1.3/howto/htaccess.html) says: > In general, you should never use .htaccess files unless you don't have > access to the main server configuration file. ---[[Joey]] -- cgit v1.2.3 From aa36cd66baeca85ca4bca1c35c43b7a01c8a5cf7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 14 Mar 2010 15:30:18 -0400 Subject: update --- doc/tips/htaccess_file.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/tips/htaccess_file.mdwn') diff --git a/doc/tips/htaccess_file.mdwn b/doc/tips/htaccess_file.mdwn index 0c1b0f2f7..6964cf24e 100644 --- a/doc/tips/htaccess_file.mdwn +++ b/doc/tips/htaccess_file.mdwn 
@@ -21,7 +21,7 @@ different way to configure the web server. One way is to not put the `.htaccess` file under ikiwiki's control, and just manually install it in the destdir. --[[Joey]] -[Apache's documentation](http://httpd.apache.org/docs/1.3/howto/htaccess.html) +[Apache's documentation](http://httpd.apache.org/docs/2.2/howto/htaccess.html) says: > In general, you should never use .htaccess files unless you don't have > access to the main server configuration file. -- cgit v1.2.3
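Review bot: In 823ec815, the setup example `include => '^\.htaccess$',` does not say what string the pattern is tested against, so a reader cannot tell whether it admits only a top-level `.htaccess` or one in any subdirectory. State that in the sentence before the example, and note in the Caution paragraph that a looser pattern admits more files, and so more of the people who can edit the wiki end up writing web server configuration. The text also alternates between `.htaccess` in backticks, plain .htaccess and "htaccess file"; pick one form.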
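Review bot: In ceadd862, once the two "This is good advice" lines are deleted, `--[[Joey]]` follows the `>` lines with no blank line between them, so Markdown treats it as a continuation of the blockquote and the signature renders inside the Apache quotation. Add an empty line after `> access to the main server configuration file.` or move the signature elsewhere. The subject "update" also gives no reason for dropping the sentence, which was the only line connecting the quote to this tip's own recommendation.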
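Review bot: In d958e96b, moving `--[[Joey]]` to the end of `in the destdir.` leaves the Apache quotation below the signature with nothing saying why it is there. Add a one-line lead-in before the link stating that the quote supports the advice to configure the web server outside the wiki, or place the quote above the signed paragraph.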
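Review bot: In aa36cd66, the link changes from the 1.3 howto to the 2.2 howto while the quoted text under `says:` stays the same, so confirm the sentence appears with this wording on the 2.2 page before attributing it there. A version-pinned URL will go stale again; naming the quoted Apache version in the link text would make that visible to the reader.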