Hello FreePBX and users,
We are getting a new security notice from our PBX.
".htaccess files are disable on this webserver"
When checking our /etc/httpd/conf/httpd.conf file, we noticed that “AllowOverride ALL” is configured properly.
We looked at other FreePBX Distro systems, which gave this notice, and we see the same right settings…
All httpd config files have ‘AllowOverride All’ in the httpd.conf content.
Is this a false positive Security Notice, or am I seeing something wrong?
Here is the part which should be wrong, but looks right to me:
> # First, we configure the "default" to be a very restrictive set of
> # features.
> #
> <Directory />
> Options FollowSymLinks
> AllowOverride All
> </Directory>
> #
> # Note that from this point forward you must specifically allow
> # particular features to be enabled - so if something's not working as
> # you might expect, make sure that you have specifically enabled it
> # below.
> #
> #
> # This should be changed to whatever you set DocumentRoot to.
> #
> <Directory "/var/www/html">
> #
> # Possible values for the Options directive are "None", "All",
> # or any combination of:
> # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
> #
> # Note that "MultiViews" must be named *explicitly* --- "Options All"
> # doesn't give it to you.
> #
> # The Options directive is both complicated and important. Please see
> # http://httpd.apache.org/docs/2.2/mod/core.html#options
> # for more information.
> #
> Options Indexes FollowSymLinks
> #
> # AllowOverride controls what directives may be placed in .htaccess files.
> # It can be "All", "None", or any combination of the keywords:
> # Options FileInfo AuthConfig Limit
> #
> AllowOverride All
> #
> # Controls who can get stuff from this server.
> #
> Order allow,deny
> Allow from all
> </Directory>