Score:0

lighttpd security without htaccess

kn flag

I have a webserver with limited resources and therefore I decided to use lighttpd as my webserver software. However, I notice now that it does not recognizes apache .htaccess files. Most of the software I use and opensource scrips have plenty of .htaccess files in several directories. So I am nervous that I might unintentionally open security holes.

So my question would be, do I create myself issues on using lighttpd that does not use htaccess. Are there security issues I am facing when using standard open source software that is optimized for htaccess files?

I try to assess if it is better to go back to Apache 2.4. I only used lighttpd because I thought it would be less heavy on my limited resources.

ezra-s avatar
ru flag
using .htaccess in Apache httpd is not even recommended unless you are not the admin of the site, so why do you want to keep using them? htaccess does not add any security either. Do not use htaccess with Apache httpd or try to export it anywhere else either, that's my suggestion.
Thom avatar
kn flag
Well, I do not use htaccess, since I am not a programer. However, I use several open source programs sich as CRM, HR Software, sales automation, cloud, etc. and all of them have plenty htaccess files in the directories. I would not have the knowledge to assess if they are needed or not, I just see they are there. So this was bringing the question if I use lighttpd and these htaccess files are ignored, would this be a security issue.
Score:0
cl flag

lighttpd doesn't support .htaccess files like Apache httpd does. That's where the "light" in "lighttpd" comes into play.

This stackoverflow question might help

Thom avatar
kn flag
Thank you for the info. I saw the post, but for me it was only about any potential issues, if I have standard open source software that has lots of htaccess files and lighttpd ignores them, would this open security issues. I would not have the time or knowledge to write all into a config file, so for me the question is if I use standard software like owncloud, nextcloud, suitecrm, etc. and the htaccess files they have are not used, would this be a security issue in your opinion.
Nimal V avatar
cl flag
it might depends upon the opensource programs you are using
Score:0
cn flag

lighttpd has some documentation for Migrating from Apache linked from the lighttpd FAQ

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.