AllowOverride can be set to values other than "All", and should be set as narrowly as possible to meet users' needs. Consult the [http://httpd.apache.org/docs/current/mod/core.html#allowoverride Apache documentation] for valid values of this parameter. This is only required if there is a legitimate need for system users to independently change web access controls. If this is enabled, the system administrator should regularly monitor the contents of .htaccess files to ensure security is not compromised. | AllowOverride can be set to values other than "All", and should be set as narrowly as possible to meet users' needs. Consult the [http://httpd.apache.org/docs/current/mod/core.html#allowoverride Apache documentation] for valid values of this parameter. This is only required if there is a legitimate need for system users to independently change web access controls. If this is enabled, the system administrator should regularly monitor the contents of .htaccess files to ensure security is not compromised. |