Red Hat Bugzilla – Bug 427720
.htaccess file from drupal project missing
Last modified: 2008-01-11 17:15:07 EST
Description of problem:
The Drupal project provides a .htaccess file to improve security.
This file is not packaged.
If the file is provided, I suggest adding to /etc/httpd/conf.d/drupal.conf:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
$ rpm -q -l drupal | grep htaccess
=> empty. No .htaccess
Good catch. Testing now...
Does the lack of htaccess file actually compromise the security in any way, or
just removes a hardening layer?
Hardening layer, AFAIK. Should I reclassify as bugfix?
Drupal does not work with SELinux enabled.
After playing a little with Drupal, I am not very happy/confident with this
In a couple of weeks, perhaps I will have the time to check the Drupal package again
and correct some flaws.
It's a bug!
Part of .htaccess actually ignored:
# Protect files and directories from prying eyes.
Or do you think Drupal has built a useless .htaccess?
With this file, it's easier to get "clean url":
It's a "click job" (tested with drupal 6.0-dev).
If you close the bug again, I will not reopen it.
I did not close it.
I have builds ready to push in bodhi to fix this. Just waiting on LKundrak's
response to #3.
Removed bodhi requests, submitted new for new builds for 5.6, multiple upstream
security fixes, as well as this fix.
drupal-5.6-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.