VoidVoid wrote:Here is the real fix:
A basic knowledge of apache and how to configure it is assumed, if you dont know how to edit a text file and read documentation, please turn off your computer now.
If you have access to your apache server configuration:
Options Indexes Includes FollowSymLinks
Allow from all
See the AllowOverride All part? That is the part that tells the server that .htaccess files are allowed to override certain configuration directives. In this case I have set mine to "all" which means my .htaccess can now set whatever it wants. You will note this applies to the Directory /usr/local/apache2/htdocs so if you store your files someplace else, you might need to change that path.
No I don't have to remove the .htaccess files and possibly expose information to the people I don't want seeing it.
If you are on a webhost that has this directive set to NONE (or something that restricts the Order directive) then you must remove the .htaccess files.
This does not mean you are totally open to attack, it just means you have one less layer of security. You'll live.
Well, that's not the real fix. Most, if not all, people that are having trouble with this will not have access to the apache config. Those that do will more than likely already know about this. Besides, setting it to all (not that all isn't helpful) creates a security risk as people can now do things that you didn't intend to do.