-1

I have installed a forum software called phpBB. Inside it's server config file, .htaccess I see the following:

#
# Uncomment the statement below if you want to make use of
# HTTP authentication and it does not already work.
# This could be required if you are for example using PHP via Apache CGI.
#
# RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

And then this:

#
# If symbolic links are not already being followed,
# uncomment the line below.
# http://anothersysadmin.wordpress.com/2008/06/10/mod_rewrite-forbidden-403-with-apache-228/
#
# Options +FollowSymLinks

So for the first piece of code I looked up my phpinfo(); and it said that my server API is CGI/FastCGI, PHP version 5.5.15. I belive that's what the comment means? So should I use the commented code and what does it do anyway?

Secondly I don't have Options +FollowSymLinks inside my root .htaccess file because I need some understanding on what it does, perhaps I'll Google it now...

Thanks in advance - any ideas?

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
PowerUser
  • 812
  • 1
  • 11
  • 32

1 Answers1

2

The first comment refers to HTTP authentication. If you are using HTTP auth, you're authenticating using an HTTP protocol mechanism, and not using forms like with PHP. That means if you are using HTTP auth and you are using something like PHP and want your PHP scripts to recognize that someone has successfully authenticated using the HTTP mechanism, then uncomment that line.

Specifically, the RewriteRule line takes the authorization header of the HTTP request, and stored it in an environment variable called "HTTP_AUTHORIZATION". This allows scripts (like php) to access the authorization information, and parse out a username and/or password.

The difference between HTTP auth is most easily noticed by your browser popping up a window asking for a username and password (perhaps for a "Realm") instead of a web form in the content of the page you are viewing.

The second comment is based on the files that you are serving. If the files that you serve have no symbolic links (this is sort of like a "shortcut" in windows, but in a much more basic level). If you don't know what symbolic links are, you're probably not going to care about this.

Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • Oh, I sure don't want to have a popup like in browser ftp://, that's what you mean don't you? PErhaps I'll leave the file as it was. – PowerUser Jul 30 '14 at 15:16
  • @PowerUser http://en.wikipedia.org/wiki/Basic_access_authentication It's similar to when you go to an FTP link, except it is sorted by "Realms", and username/password gives access to a "realm" of URLs. But yes, the browser pops up a window, just like if you go to an ftp:// URL that requires a login. – Jon Lin Jul 30 '14 at 15:18