Apache Directives - is this correct format & syntax?

Discussion in 'Installation/Configuration' started by GregMawo, Nov 4, 2010.

  1. GregMawo

    GregMawo New Member

    Hi all,

    I want to add some recommended Joomla settings to:
    Sites->Options->Apache Directives

    Is the following syntactically/format OK: (where XXX is the correct client directory)

    Code:
    <Directory "/var/www/webXXX/web">
    Options FollowSymLinks
    php_admin_flag register_globals Off
    php_admin_value disable_functions "show_source system shell_exec passthru exec phpinfo popen proc_open"
    php_admin_flag allow_url_fopen Off
    php_admin_flag magic_quotes_gpc On
    php_admin_value session.save_path "/var/www/webXXX/phptmp/"
    php_admin_value memory_limit 24M
    php_admin_value open_basedir "/var/www/webXXX/"
    </Directory>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/index.php
    RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
    RewriteRule (.*) index.php
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

    Am I correct in thinking this will negate the need to use the Joomla created .htaccess file (or htaccess.txt before renaming manually) - it appears to contain all of the below settings? But does it have the same effect?

    Is this a better approach than using the .htaccess file in that it is slightly less work for the server (apache directives parsed once as opposed to each page visit for .htaccess files)?

    Here is the contents of the generic Joomla created .htaccess file (named htaccess.txt on install then renamed manually for mod_rewrite):

    Code:
    ##
    # @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $
    # @package Joomla
    # @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
    # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
    # Joomla! is Free Software
    ##
    
    
    #####################################################
    #  READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
    #
    # The line just below this section: 'Options +FollowSymLinks' may cause problems
    # with some server configurations.  It is required for use of mod_rewrite, but may already
    # be set by your server administrator in a way that dissallows changing it in
    # your .htaccess file.  If using it causes your server to error out, comment it out (add # to
    # beginning of line), reload your site in your browser and test your sef url's.  If they work,
    # it has been set by your server administrator and you do not need it set here.
    #
    #####################################################
    
    ##  Can be commented out if causes errors, see notes above.
    Options +FollowSymLinks
    
    #
    #  mod_rewrite in use
    
    RewriteEngine On
    
    ########## Begin - Rewrite rules to block out some common exploits
    ## If you experience problems on your site block out the operations listed below
    ## This attempts to block the most common type of exploit `attempts` to Joomla!
    #
    ## Deny access to extension xml files (uncomment out to activate)
    #<Files ~ "\.xml$">
    #Order allow,deny
    #Deny from all
    #Satisfy all
    #</Files>
    ## End of deny access to extension xml files
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    # Block out any script trying to base64_encode crap to send via URL
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    # Block out any script that includes a <script> tag in URL
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    # Block out any script trying to set a PHP GLOBALS variable via URL
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block out any script trying to modify a _REQUEST variable via URL
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # Send all blocked request to homepage with 403 Forbidden error!
    RewriteRule ^(.*)$ index.php [F,L]
    #
    ########## End - Rewrite rules to block out some common exploits
    
    #  Uncomment following line if your webserver's URL
    #  is not directly related to physical file paths.
    #  Update Your Joomla! Directory (just / for root)
    
    # RewriteBase /
    
    
    ########## Begin - Joomla! core SEF Section
    #
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/index.php
    RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
    RewriteRule (.*) index.php
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    #
    ########## End - Joomla! core SEF Section
    
    I think this has been asked in part before but if someone could clarify I would be most thankful. It would be much easier for me to just drop this in apache directives via ISPConfig3 than renaming the files via FTP. I would like to follow best practices though...

    Cheers!!
     
    Last edited: Nov 4, 2010
  2. falko

    falko Super Moderator Howtoforge Staff

    I'm no Joomla developer, so I can't tell if it works, but syntactically it looks ok.
    Yes.

    Yes.
     
  3. GregMawo

    GregMawo New Member

    Thanks very much for the clarification.

    Much appreciated & all the best.

    EDIT - Ahhh, I spoke too soon...

    Having deleted the content of (also tried removing) the .htaccess file, the site is not working...

    If I put the file back, the site works...

    I will try and isolate which settings are causing the issue and repost, but for anyone reading this, the Apache Directives settings above DO NOT WORK, you must use the .htaccess file.

    For instance, Joomla reports that magic_quotes_gpc = OFF and the syntax of "Options FollowSymLinks" is actually "Options +FollowSymLinks" which can be checked by editing the .htaccess file (without "+" the site does not work and with it it does - which begs the question if it was entered under Apache Directives incorrectly, was it having any effect at all???)

    Anyway, I'll have a fiddle about and see what I can figure out...
     
    Last edited: Nov 8, 2010
  4. GregMawo

    GregMawo New Member

    I'm just wondering,... but do the "php_admin" values belong in the Apache Directives area or should they perhaps be in the Custom php.ini area?

    I'll try adding:
    Code:
    magic_quotes_gpc = On
    
    to the custom php.ini and see if it changes the Joomla system info report in any way... ATM the value is OFF.

    EDIT - OK, that worked! So I'll sort out the php settings from the apache directives and see if I can make some sense of it all

    1 step back, 2 steps forward ;)
     
    Last edited: Nov 8, 2010
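
Added example, not written by any poster in this thread: the same Joomla rules placed inside the `<Directory>` block, which is the per-directory context an .htaccess file runs in. In server/virtual-host context `RewriteBase` is not valid and `%{REQUEST_FILENAME}` is not yet a filesystem path, so the `!-f` / `!-d` tests do not see real files. It assumes `/var/www/webXXX/web` is the site's DocumentRoot; `AllowOverride None` is an optional assumption as well.

```apache
# For the ISPConfig "Apache Directives" box. webXXX is the thread's
# placeholder for the client directory (assumed to be the DocumentRoot).
<Directory "/var/www/webXXX/web">
    # "+" adds FollowSymLinks to the inherited options; without it the
    # listed options replace everything inherited for this directory.
    Options +FollowSymLinks

    # Optional (assumption): with the rules here, .htaccess is no longer
    # needed, so Apache can stop looking for it on every request.
    AllowOverride None

    RewriteEngine On
    # Only valid in <Directory>/.htaccess context.
    RewriteBase /

    # Exploit filter, conditions copied unchanged from htaccess.txt above.
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]

    # Core SEF section. In this context REQUEST_FILENAME is the mapped
    # filesystem path, so -f and -d test real files and directories.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/index.php
    RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
    RewriteRule (.*) index.php
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</Directory>

# PHP settings are left out on purpose: post 4 found they take effect from
# the Custom php.ini box. disable_functions in particular is honoured only
# in php.ini and takes a comma-separated list.
```
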
  5. Appie Thrasher

    Appie Thrasher Member HowtoForge Supporter

    I also have a question about custom php.ini settings. I have put in the box:

    Code:
    upload_max_filesize = 50M
    post_max_size = 50M
    max_execution_time = 300
    max_input_time = 300

    Do I have to restart or does this go into action after some time?
    And how would I check if it's in place?
     
  6. cbj4074

    cbj4074 Member

    DaRKNeSS666NL,

    In my experience, Apache reloads its settings when one makes changes to those INI and Apache directives.

    Perhaps Falko or Till is able to comment as to the mechanism and timing for Apache reloading the settings. It seems to take 2-5 minutes in most cases for the reload to occur after changes are made.

    To check if the settings are in effect, create a .php file with

    PHP:
    <?php
    phpinfo();
    exit;
    and place it inside the directory that you expect your changes to affect. Access the PHP file in a browser and it should spit out all of the effective values. Be mindful that you should not permit others to access this PHP file (and I recommend that you delete it after everything appears to be functioning as expected).

    While the effective PHP runtime values will be reflected in the output, Webmin is also incredibly useful to see how Apache is applying any Apache-specific directives (those that are pasted into the bottom box, labeled "Apache directives", on the same ISPConfig page). Within Webmin, go to Servers -> Apache Server -> [choose virtual server] -> Show Directives.

    Hope that helps!
     
  7. Appie Thrasher

    Appie Thrasher Member HowtoForge Supporter

    Just made the changes in custom php.ini and waited a while, and voila, all is there.

    So indeed no restart or whatever is needed.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You can see in the ISPConfig monitor > jobqueue when the changes have been applied; only open jobs are listed there. It normally takes about one minute.
     
