OpenShift Options +Indexes still do not work - .htaccess

When I place Options +Indexes in .htaccess I always get 404 instead of DirectoryListings. However this wasn't always possible now it should be. But I can't get it working.
I have a folder of images which I need to get listed. I'm using the perl-5.10 cartridge.

Options +Indexes is disabled on OpenShift due to security risks. It can not be enabled by the user.

Related

Disabling directory browsing with htaccess

Can some please clarify which of the following should be used for disabling directory browsing via htaccess?
Options -Indexes or Options All -Indexes
What is the difference between the two and in what instance should either be used?
Thank you.
Create a .htaccess file with the following:
Options -Indexes
Enabling directory browsing in Apache can be security issue - especially if used in production.
You can disable directory browsing by specifying Options -Indexes.
Note that it is better to do this in Apache configuration file / vhost files than in .htaccess.

new Symfony project on apache server needs mod_rewrite code?

I have just created a new (test) symfony project and set my apache webroot to /home/user/project/ (not sure if it should be /home/user/project/web/?)
However, from what I understand based on the lightbulb section here: http://symfony.com/doc/current/book/page_creation.html#the-web-directory - there isn't any internal rerouting occurring. Therefore, this does not work:
http://localhost/random/10
but these do work:
http://localhost/app_dev.php/random/10
http://localhost/app.php/random/10
To double check, if I start the internal PHP server (php app/console server:start) then everything gets rerouted correctly - this does work:
http://localhost:8000/random/10
Am I right in thinking that I need to make changes to .htaccess? If so, is there a 'standard' section of code for using apache with symfony?
EDIT:
I have updated my apache2.conf (which for others would be httpd.conf if not on ubuntu as I understand it) as below:
<Directory /home/user/Project/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
If I remember correctly, .htaccess alredy defines DirectoryIndex as app.php. However, your Apache config file httpd.conf might be blocking the override.
Make sure that you have that line in your .htaccess and also check the value of AllowOverride (docs) within your httpd.conf. Try setting AllowOverride to All and see if that works.

What exactly does the Multiviews options in .htaccess?

I've been struggling a lot with an access rule that needed to rewrite one piece of URL adding a path.
RewriteRule ^(configuration/.+)$ application-server/$1 [L,NC,R=301,NE]
This Rule caused just a blank page on my Joomla site with no error log or messages.
The curious thing is that all other rules I had worked perfectly:
RewriteRule ^(log/.+)$ application-server/$1 [L,NC,R=301,NE]
RewriteRule ^(monitor/.+)$ application-server/$1 [L,NC,R=301,NE]
in the end, I've found in a forum a suggestion to use the following option:
Options -Multiviews
That actually solved the issue, however I wonder if there can be any side effects on other Rules when using this option.
This is about Apache content negotiation.
A MultiViews search is where the server does an implicit filename pattern match, and choose from amongst the results.
For example, if you have a file called configuration.php (or other extension) in root folder and you set up a rule in your htaccess for a virtual folder called configuration/ then you'll have a problem with your rule because the server will choose configuration.php automatically (if MultiViews is enabled, which is the case most of the time).
If you want to disable that behaviour, you simply have to add this in your htaccess
Options -MultiViews
This way, your rule will be now evaluated because content negotiation is disabled.
Edit
On some shared hostings, the negotiation module might not be enabled. That would give you then a 500 error. To avoid this error, you can, by default, encapsulate the directive in an IfModule block.
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>

Web server not reading .htaccess file

I have Ubuntu 12.10 with apache2 installed, and my .htaccess file is not working. I have it set up to be able to not have .php file extensions in the links, so it looks like www.website.com/login instead of /login.php, but it says that the URL "/login" is not found on the server. I have read this page and it says something about "AllowOverride All" but I don't know where that is, or if I need to add it, where I would add it.
EDIT: I have found this link and have found what it says, but it says that I have an Internal Server Error on any page I go to. I have changed the to
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
but it says Internal Server Error
EDIT #2: In the error log, it says
/var/www/.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
EDIT #3: Found the answer here: .htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
Make sure you have enabled mod_rewrite in your .htaccess.
Also make sure you these lines at the top of your .htaccess:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
i.e. turn the MultiViews options off.
Also see this Q&A for a similar problem and my answer.
You should have or specify Directory-block in your apache configurations. You can find AllowOverride documentation here: http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
And documentation about <Directory> is here: http://httpd.apache.org/docs/2.2/mod/core.html#directory
In short: specify where you would like to allow the settings to be overridden with <Directory /path/to/your/directory> and then use AllowOverride all in that directory block.

Need Apache to ignore options in .htaccess

I run a hosting service for student at my our faculty. We run PHP with suPHP and for security we need symlinks to be set to "SymLinksIfOwnerMatch".
This has the very unfortunate error that if people have htaccess "Options FollowSymLinks" or "Options None" they will receive an internal server error.
This is a huge problem since most dristributions of OSS-software for PHP has this included in their htaccess by default (Wordpress, Drupal, Joomla and many others), and most guides in htaccess-rules always recommend "FollowSymLinks" since it's needed for mod_rewrite - it does work just as well with SymLinksIfOwnerMatch.
Does anyone have this same issue, and do anyone know how to conquer it? I was hoping to make Apache ignore Options completely. Our default ones are completely sufficient.
You want to set AllowOverride in your main config file.
If you want to turn off all use of .htaccess set
AllowOverride None
If you just want to prevent students from using Options then this should do it:
AllowOVerride AuthConfig FileInfo Indexes Limit

Resources