
I have a webserver with limited resources and therefore I decided to use lighttpd as my webserver software. However, I notice now that it does not recognize Apache .htaccess files. Most of the software I use and open source scripts have plenty of .htaccess files in several directories. So I am nervous that I might unintentionally open security holes.

So my question would be: do I create issues for myself by using lighttpd, which does not use htaccess? Are there security issues I am facing when using standard open source software that is optimized for htaccess files?

I am trying to assess whether it is better to go back to Apache 2.4. I only used lighttpd because I thought it would be less heavy on my limited resources.

Dave M
Thom
  • Using .htaccess in Apache httpd is not even recommended unless you are not the admin of the site, so why do you want to keep using them? htaccess does not add any security either. Do not use htaccess with Apache httpd or try to export it anywhere else either; that's my suggestion. – Daniel Ferradal Jun 15 '21 at 06:29
  • Well, I do not use htaccess, since I am not a programmer. However, I use several open source programs such as CRM, HR software, sales automation, cloud, etc., and all of them have plenty of htaccess files in the directories. I would not have the knowledge to assess if they are needed or not; I just see they are there. So this raised the question: if I use lighttpd and these htaccess files are ignored, would this be a security issue? – Thom Jun 15 '21 at 09:02

2 Answers


lighttpd doesn't support .htaccess files like Apache httpd does. That's where the "light" in "lighttpd" comes into play.

This stackoverflow question might help

Nimal V
  • Thank you for the info. I saw the post, but for me it was only about any potential issues, if I have standard open source software that has lots of htaccess files and lighttpd ignores them, would this open security issues. I would not have the time or knowledge to write all into a config file, so for me the question is if I use standard software like owncloud, nextcloud, suitecrm, etc. and the htaccess files they have are not used, would this be a security issue in your opinion. – Thom Jun 15 '21 at 09:06
  • It might depend upon the open source programs you are using. – Nimal V Jun 15 '21 at 09:19

lighttpd has some documentation for Migrating from Apache linked from the lighttpd FAQ

gstrauss
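
To find out which of the .htaccess files shipped with an application contain access restrictions that lighttpd will silently skip, the following Python sketch (an added example, not part of the question or either answer) walks a web root and lists the restrictive directives it finds. The directive patterns are a small illustrative subset, and the sample directory tree is constructed.

```python
import os
import re
import tempfile

# Apache access-control directives that lighttpd will not enforce from .htaccess.
RESTRICTIVE = [
    (re.compile(r"^deny\s+from\s+all\b", re.I), "deny all (Apache 2.2 syntax)"),
    (re.compile(r"^require\s+all\s+denied\b", re.I), "deny all (Apache 2.4 syntax)"),
    (re.compile(r"^auth(type|userfile)\b", re.I), "HTTP authentication"),
    (re.compile(r"^options\b.*-indexes\b", re.I), "directory listing disabled"),
]

def scan_htaccess(text):
    """Return (line, label, directive) hits; '#' comment lines never match."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        for pattern, label in RESTRICTIVE:
            if pattern.search(stripped):
                findings.append((number, label, stripped))
                break
    return findings

def audit_tree(webroot):
    """Map each directory (relative to webroot) to its .htaccess findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(webroot):
        if ".htaccess" in files:
            with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
                findings = scan_htaccess(fh.read())
            if findings:
                report[os.path.relpath(dirpath, webroot)] = findings
    return report

def build_sample_tree(root):
    """Write constructed sample files; not taken from any real application."""
    samples = {
        "data": "# keep uploads private\nDeny from all\n",
        "config": "<IfModule mod_authz_core.c>\n  Require all denied\n</IfModule>\n",
        "public": "Options -Indexes\nRewriteEngine On\n",
        "themes": "AddType text/css .css\n",
    }
    for name, body in samples.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, ".htaccess"), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(audit_tree(root))
```

Directories that show up in the report are the ones that need an equivalent rule in the lighttpd configuration (for example `url.access-deny` from mod_access) or should be moved outside the document root.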