Security - .htaccessLast Update: 5th May, 2006
Article ID: 249



Introduction

osCommerce has .htaccess files already in place in the (admin directory, for example). These files are in fact Apache server configuration files so they can do more than control access. Because they start with a dot, they do not appear on normal unix directory listings, so they are easy to miss.

More information on what can be done in .htaccess (or the main Apache configuration files) is available online at www.apache.org

Explanation of .htaccess in osCommerce

The osCommerce .htaccess file in the catalog folder is as follows:

# $Id: .htaccess,v 1.3 2003/06/12 10:53:20 hpdl Exp $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
# AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_setenvif.c>
<IfDefine SSL>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfDefine>
</IfModule>

# Fix certain PHP values (commented out by default to prevent errors occuring on certain servers)
# The <IfModule container should be used to house these listings otherwise, if the PHP installation fails so will the web server.
<IfModule mod_php4.c>
#php_value session.use_trans_sid 0
php_value register_globals 1
</IfModule>
NOTE: If the register_globals error does not go away after this section above is uncommented then uncomment the one line only like shown below for the error "register_globals is not enabled in php.ini ... Please enable it!" The "IfModule" directive for PHP doesn't work for all Apache servers (it depends on how PHP was installed). It is not needed if you know that your Apache installation will always include the PHP module.

#<IfModule mod_php4.c>
#php_value session.use_trans_sid 0
php_value register_globals 1
#</IfModule>

# Add for oscommerce safe engine urls set to true in admin - uncomment to use if you get a blank page while clicking on any product links.
# AcceptPathInfo On

 

 

Trademark Policy | Copyright Policy | Sitemap

Copyright © 2000-2005 osCommerce. All rights reserved.