Score:0

Server

lighttpd security without htaccess

Thom

10/15/22, 3:08 AM

I have a webserver with limited resources and therefore I decided to use lighttpd as my webserver software. However, I notice now that it does not recognizes apache .htaccess files. Most of the software I use and opensource scrips have plenty of .htaccess files in several directories. So I am nervous that I might unintentionally open security holes.

So my question would be, do I create myself issues on using lighttpd that does not use htaccess. Are there security issues I am facing when using standard open source software that is optimized for htaccess files?

I try to assess if it is better to go back to Apache 2.4. I only used lighttpd because I thought it would be less heavy on my limited resources.

183

2 + 2

linux

web-server

lighttpd

.htaccess

apache-2.4

ezra-s

10/15/22, 6:29 AM

using .htaccess in Apache httpd is not even recommended unless you are not the admin of the site, so why do you want to keep using them? htaccess does not add any security either. Do not use htaccess with Apache httpd or try to export it anywhere else either, that's my suggestion.

Thom

10/15/22, 9:02 AM

Well, I do not use htaccess, since I am not a programer. However, I use several open source programs sich as CRM, HR Software, sales automation, cloud, etc. and all of them have plenty htaccess files in the directories. I would not have the knowledge to assess if they are needed or not, I just see they are there. So this was bringing the question if I use lighttpd and these htaccess files are ignored, would this be a security issue.

Score:0

Server

Nimal V

10/15/22, 7:30 AM

lighttpd doesn't support .htaccess files like Apache httpd does. That's where the "light" in "lighttpd" comes into play.

This stackoverflow question might help

0 + 2

Thom

10/15/22, 9:06 AM

Thank you for the info. I saw the post, but for me it was only about any potential issues, if I have standard open source software that has lots of htaccess files and lighttpd ignores them, would this open security issues. I would not have the time or knowledge to write all into a config file, so for me the question is if I use standard software like owncloud, nextcloud, suitecrm, etc. and the htaccess files they have are not used, would this be a security issue in your opinion.

Nimal V

10/15/22, 9:19 AM

it might depends upon the opensource programs you are using

Score:0

Server

gstrauss

12/10/22, 5:41 AM

lighttpd has some documentation for Migrating from Apache linked from the lighttpd FAQ

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: lighttpd security without htaccess

TH: ความปลอดภัย lighttpd โดยไม่ต้อง htaccess

RO: securitate lighttpd fără htaccess

RU: безопасность lighttpd без htaccess

VI: bảo mật lighttpd mà không cần htaccess

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.