I'm having a difficult time hiding my .htaccess file -- I double-checked to ensure the following was present in httpd.conf:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
Other allow/deny directives on directories are working and the directives in the visible .htaccess file are working.
We are running Red Hat Enterprise Linux Server release 6.3 (Santiago) and Apache/2.2.15.
My question: Aside from the obvious of, "Why is the .htaccess file still visible?" Is there some other directive that would override this directive or might I have a module missing? (I would think apache would throw an error if this were the case.)
I restarted apache after any changes to this file and even rebooted as a sanity check. I also made some other changes to this file to ensure that I was working on the correct configuration file.
Have you taken a look at How <Directory>, <Location> and <Files> sections work? It seems that there might be another directive (probably Location) evaluated later, which overrides your Files directive. It's hard to diagnose more without further details of your Apache configuration.
Related
I have difficulties making my .htacces work on my Ubuntu 14.04 LTS. I know it is a hidden file and all; I've searched everywhere and people seem to have the same problem. I've made a virtual host on my machine and all. Can someone please help me ?
ErrorDocument 404 /pages/error.php?code=404
ErrorDocument 403 /pages/error.php?code=403
You need to make sure the following things are true:
You need to check what DocumentRoot is set to. When an url beginning with a slash is detected, it will try to load that file relative to the document root. (docs) The file <documentroot>/pages/error.php must thus exist.
You need to make sure that .htaccess files are allowed by the main Apache configuration. The easiest way to test this is by entering garbage into your .htaccess file, saving it and reloading a page. You'll get an internal server error if Apache reads the .htaccess file. Otherwise the page loads as expected. To enable .htaccess files, the AllowOverride directive must allow something (see next bullet point). Additionally, check in httpd.conf if AccessFileName is set to something different than .htaccess. Change it as necessary, then RESTART APACHE. (docs)
For ErrorDocument, AllowOverride must be at least set to FileInfo. See the docs. Go to your main config file (httpd.conf), probably apache/Apachex.y.z/conf/httpd.conf. Search for the <Directory ...> block that corresponds to your http root, and look around if it contains an AllowOverride directive. Add FileInfo as one of the arguments, save the file and RESTART APACHE.
I am get issue with set WSGIPassAuthorization On directive in .htaccess.
any one can suggest how to add this variable to .htaccess ?
thank all so much.
You don't actually state what the specific error you get is when you try.
Has your Apache even been configured to allow use of .htaccess files?
Has your Apache even been configured to allow FileInfo overrides in .htaccess files?
AllowOverride FileInfo
Both would be required for WSGIPassAuthorization to work in a .htaccess file.
So please tell us what the error is you get in the browser and in the Apache error logs.
Indicate whether you have taken the steps above.
I'm running the latest Apache Server on Linux Mint 14 and trying to take my first babysteps with vhosts, where I encountered a general problem with my setup:
every option I declare in the <Directory> section doesn't seem to have any effect on any subdirectories - but as far as I know and according to the documentation it should.
For example: I'm trying to give permissions for .htaccess file by
<Directory /var/www/>
AllowOverride All
</Directory>
a .htaccess in /var/www would work properly, but e.g. a .htaccess in /var/www/test with contents "Deny from all" would take no effect.
Are there any options I have to set that I don't know of? This isn't my first apache setup so I'm kind of confused right now, but I can't find a solution.
Thank you in advance!
Got it, apache2.conf includes external vhost settings, so the default settings in sites-available/default kept overwriting mine.
I have copied one of my old applications and renamed it to New_application. I want to access .htaccess file that is inside the New_application folder. When I opened it with my text editor, it just showed Deny from all. I tried to open .htaccess in my old application, it showed Deny from all too. I remember I was able to edit it before but not sure what I can't now. Any thoughts? Thanks a lot.
Deny from all
is an .htaccess command (the actual content of that file you are trying to view). Not a denial of being able to edit the file. Just reopen the .htaccess file in the text viewer of choice and make the alterations as you so desire, save it, then reupload it to your folder of choice.
Though I think inadvertently you are blocking even yourself from viewing said application once uploaded.
I would do something like:
order deny,allow
deny from all
allow from 127.0.0.1
which will deny everyone but the IP in the allow from line, which you would change the IP to match your IP which you can obtain from http://www.whatismyip.com/ or similar site.
This syntax has changed with the newer Apache HTTPd server, please see upgrade to apache 2.4 doc for full details.
2.2 configuration syntax was
Order deny,allow
Deny from all
2.4 configuration now is
Require all denied
Thus, this 2.2 syntax
order deny,allow
deny from all
allow from 127.0.0.1
Would ne now written
Require local
You can edit it. The content of the file is literally "Deny from all" which is an Apache directive: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny
A little alternative to #gaspĀ“s answer is to simply put the actual domain name you are running it from. Docs: https://httpd.apache.org/docs/2.4/upgrading.html
In the following example, there is no authentication and all hosts in
the example.org domain are allowed access; all other hosts are denied
access.
Apache 2.2 configuration:
Order Deny,Allow
Deny from all
Allow from example.org
Apache 2.4 configuration:
Require host example.org
I run a hosting service for student at my our faculty. We run PHP with suPHP and for security we need symlinks to be set to "SymLinksIfOwnerMatch".
This has the very unfortunate error that if people have htaccess "Options FollowSymLinks" or "Options None" they will receive an internal server error.
This is a huge problem since most dristributions of OSS-software for PHP has this included in their htaccess by default (Wordpress, Drupal, Joomla and many others), and most guides in htaccess-rules always recommend "FollowSymLinks" since it's needed for mod_rewrite - it does work just as well with SymLinksIfOwnerMatch.
Does anyone have this same issue, and do anyone know how to conquer it? I was hoping to make Apache ignore Options completely. Our default ones are completely sufficient.
You want to set AllowOverride in your main config file.
If you want to turn off all use of .htaccess set
AllowOverride None
If you just want to prevent students from using Options then this should do it:
AllowOVerride AuthConfig FileInfo Indexes Limit