4.2.1. Dependency Charts
4.2.2. Bug Graphs
4.2.3. The Whining Cron
4.2.6. .htaccess - files and security
To enhance the security of your Bugzilla installation, Bugzilla's - checksetup.pl script will generate - .htaccess - - - files which the Apache webserver can use to restrict access to the - bugzilla data files. - These .htaccess files will not work with Apache 1.2.x - but this - has security holes, so you shouldn't be using it anyway. -
If you are using an alternate provider of - webdot - - services for graphing (as described when viewing - editparams.cgi - - in your web browser), you will need to change the ip address in - data/webdot/.htaccess - - to the ip address of the webdot server that you are using. |
The default .htaccess file may not provide adequate access - restrictions, depending on your web server configuration. Be sure to - check the <Directory> entries for your Bugzilla directory so that - the - .htaccess - - file is allowed to override web server defaults. For instance, let's - assume your installation of Bugzilla is installed to - /usr/local/bugzilla - - . You should have this <Directory> entry in your - httpd.conf - - file:
-
<Directory /usr/local/bugzilla/> - Options +FollowSymLinks +Indexes +Includes +ExecCGI - AllowOverride All -</Directory> - |
The important part above is - "AllowOverride All" - - . Without that, the - .htaccess - - file created by - checksetup.pl - - will not have sufficient permissions to protect your Bugzilla - installation.
If you are using Internet Information Server (IIS) or another - web server which does not observe - .htaccess - conventions, you can disable their creation by editing - localconfig - and setting the - $create_htaccess - variable to - 0. -