Changes in the .htaccess file

Dez · February 9, 2018, 11:24am

Hi, the hosts have changed, in the .htaccess file, from:

php_flag allow_url_fopen On
php_flag allow_url_include On
php_flag allow_url_fopen 1
php_flag allow_url_include 1
php_flag display_errors On

To:

<IfModule LiteSpeed>
php_flag allow_url_fopen On
php_flag allow_url_include On
php_flag allow_url_fopen 1
php_flag allow_url_include 1
php_flag display_errors On
</IfModule>

Are the changes necessary please?

Gandalf · February 9, 2018, 11:28am

You’d probably have to ask the hosts that, but adding the <IfModule> directive suggests that the LiteSpeed module may not be loaded.

Mittineague · February 9, 2018, 2:31pm

AFAIK, the “ifModule” wrappers are primarily used for code that is going to be used in unknown environments.

For example, WordPress has “if” because it is used by many and it can not be predetermined how a users set up will be.

And I suppose it might be good to have if you are going to use it inside VM environments that could be configured differently.

One thing to keep in mind is that “ifs” will cause a “check” every time the file is processed (every time an HTTP Request is made to the folder the htaccess file is in). So for efficiency it is likely better to not have ifModule wrapped around modules you know do exist.

Dez · February 9, 2018, 2:33pm

Thank you - so that would/could slow down page loading?

Mittineague · February 9, 2018, 2:42pm

I don’t know if it would slow things down significantly, but it can’t help.

Got PHP? I would advise to not keep the file up, but you could try a simple file with apache_get_modules to see what’s there.
http://php.net/manual/en/function.apache-get-modules.php

Dez · February 9, 2018, 2:46pm

Thank you. What does ‘I would advise to not keep the file up,’ mean?

Mittineague · February 9, 2018, 2:49pm

Only that unless you wouldn’t mind if someone other than you might see the information it would be better to not leave the file there. I don’t know how useful the info might be to a hacker, but I prefer to not take unnecessary chances.

Dez · February 9, 2018, 3:01pm

Yep, I tend to think like that as well. Are you saying not to have anything in the .htaccess?

Mittineague · February 9, 2018, 3:04pm

Not at all. I just mean upload and run the PHP file, see what’s there, then take it down.

system · May 11, 2018, 10:04pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.