.htaccess functionality does not work

Discussion in 'Installation/Configuration' started by kalikoder, Mar 8, 2007.

  1. kalikoder

    kalikoder New Member

    Hi-

    I am running ISPconfig on Suse Linux 10.1 with three virtual hosts setup to share the same ip. Everything is working very well, except the .htaccess functionality in any of the sites. Whenever I try to use a PHP script that uses .htaccess file in its directory, I get a 500 internal server error. No matter which site.

    I have browsed the forum, and researched this issue. Following is my error log file from one of the sites:
    [Wed Mar 07 11:41:40 2007] [alert] [client 142.xx.xx.xxx] /srv/www/web7/web/blogs/.htaccess: Options not allowed

    I believe that the issue is about .htaccess not being allowed globally or something. Following is an excerpt from my /etc/apache2/httpd.conf file:
    <Directory /srv/www/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    In the above I have tried changing "AllowOverride None" to "AllowOverride All" and restarted apache, but it makes no difference

    Please let me know if you want to see my /etc/apache2/vhosts/Vhosts_ispconfig.conf file, it currently does not have any <Directory> </Directory> sections.

    Can you please point me in the right direction.. is there a howto telling how to get the .htaccess functionality working on ISPConfig. Please let me know if you need any more information.

    Thanks in advance
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Please change it to
    Code:
    <Directory /srv/www/*/web>
    Options +Includes -Indexes
    #AllowOverride None
    #AllowOverride Indexes AuthConfig Limit FileInfo
    AllowOverride All
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>
     
  3. kalikoder

    kalikoder New Member

    Thanks for the reply Falko. I am not very good on how the .htaccess works exactly, but just wanted to ask you if there are any security risks associated with doing a "AllowOverride All" , can a hacker take advantage of this and compromise the system in some way..

    Thanks again
     
  4. falko

    falko Super Moderator Howtoforge Staff

    Well, it would allow a customer that does not pay for PHP to enable PHP for his web site (if he knows about .htaccess). The same goes for other features. He might even be able to switch off PHP Safe Mode, and that would be a security risk.

    But you can take a look http://httpd.apache.org/docs/2.0/mod/quickreference.html
    It will tell you what you need to put behind AllowOverride to get your directives working.
     
  5. teves

    teves Member

    Hello,

    I have a similar problem with a php knowledgebase script (kbpublisher).

    What I'd like to know is: is it possible to set the AllowOverride options in the vhosts config file per web?
    I'd like to be able to allow the usage of certain .htaccess options in only one web.

    Thank you,
    regards, Tom
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Sure, you can add something like

    Code:
    <Directory /path/to/directory>
    AllowOverride All
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>
    in the Apache Directives field of a web site in ISPConfig.
     
  7. teves

    teves Member

    Aaah! Cool!

    But what path do I need to enter into the directory tag of the htaccess file? The absolute path to the web in question, eg. <directory /srv/www/web123/web > ?

    And do I have to restart apache after changing the apache directive field of a web?
     
  8. teves

    teves Member

    Hello,

    no need to answer, I found it out myself in the meantime. And it works great! Thank you very much for the hint!

    To point it out for others with the same problem:
    The path must be relative to the /srv/www/webXX/web folder (at least on my Suse 10.1 / ISPConfig 2.28 Server).
    Another thing one needs to know is that it takes a bit of time for the changes in the Apache Directives field to take effect.

    regards, Tom
     

Share This Page