Please also check the known bugs page.
AuthGroupFile-specified group file format allows commas between user names - Apache does not.
AddTypeonly accepts one file extension per line, without any dots (
.) in the extension, and does not take full filenames. If you need multiple extensions per type, use multiple lines, e.g.
AddType application/foo foo
AddType application/foo bar
If you follow the NCSA guidelines for setting up access restrictions
based on client domain, you may well have added entries for,
AuthType, AuthName, AuthUserFile or
None of these are needed (or appropriate) for restricting access
based on client domain.
When Apache sees
AuthType it (reasonably) assumes you
are using some authorization type based on username and password.
AuthType, it's unnecessary even for NCSA.
AuthUserFilerequires a full pathname. In earlier versions of NCSA httpd and Apache, you could use a filename relative to the .htaccess file. This could be a major security hole, as it made it trivially easy to make a ".htpass" file in the a directory easily accessable by the world. We recommend you store your passwords outside your document tree.
OldScriptAliasis no longer supported.
exec cgi=""produces reasonable malformed header responses when used to invoke non-CGI scripts.
We might add
virtual support to
exec cmd to
make up for this difference.
.asisfiles: Apache 0.6.5 did not require a Status header; it added one automatically if the .asis file contained a Location header. 0.8.14 requires a Status header.