Vanilla has excellent built-in support for Apache. It’s designed to work without additional confguration being necessary, but every setup is different.
You need to have the mod_rewrite module enabled.
Vanilla includes an .htaccess file for full Apache support.
.htaccess files must be enabled for your web root (unless you can use the content of the
.htaccess in your main server config file instead).
It’s renamed to
.htacess during the install process. It’s named with a
.dist appended to start to prevent folks from accidentally overwriting it during copy/paste upgrades.
To run Vanilla in a subfolder, you may need to edit it as indicated within the file.
.htaccess already comes with some decent security hardening:
- The only PHP script that can be requested directly is
- Folders that should not be accessed from the web return a 403.
Default VirtualHost entry
By default, Apache will respond to any ServerName option until a domain which doesn’t match any VirtualHost is requested. Make sure you have a default entry added. Not doing so can make you susceptible to host header injection attacks. (tricking your server into rendering pages based on a third-party domain).
Also see these VirtuaHost Examples.
We’re always eager to learn about various host restrictions and challenges you might run into. Start a discussion on the community forum to tell us about situations you’ve come across or to request help with Apache.