I'm the SysAdmin of an AWS EC2 instance hosting a public website. The instance is running CentOS 7 with WHM/cPanel. Our website uses both PHP 5.6 and 7.1, and cPanel utilizes EasyApache 4. Since the 26th of July, every two weeks at exactly 2:04AM our .htaccess file is being modified by cPanel and completely breaking our website. The website would no longer load the webpage but instead download a file simply called "download". The file was harmless and only contained some laravel markup.
Once we discovered that it was the .htaccess file causing the site issues, the simple fix of replacing the file with a version from a backup solved the issue temporarily. Last time it happened on the 8th, I tried to restrict access by setting to the .htaccess file by setting:
Set “Depth to recurse for .htaccess checks” to 0.
in cPanel, but no dice.
From some other posts/sites I've managed to figure out that it may be EasyApache doing the writing to the file, and that this happens when sites have multiple versions of PHP in use at the same time. Below is what's being added to the .htaccess file that's breaking it.
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php71” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php71 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Commenting this out immediately fixes the issue.
Unfortunately I can't seem to figure out a solution to this issue however and was hoping I could get some help here. The website as it is, is on ice development-wise and very few changes will be made in the future, and definitely none to the .htaccess file. There may be a quick, dirty fix changing the permissions of the .htaccess file to 444 but I want to figure out the actual issue as opposed to implementing that.
Related
I'm running a webserver on my home PC as a development version of a WordPress site which I maintain on the internet. I'm running WordPress 4.8.3, php 7.1 and apache 2.4 on a FreeBSD 11.1 system. Everything has been running fine for many months until yesterday afternoon when it suddenly stopped displaying images.
The apache error log showed "wp-content/uploads/.htaccess: php_flag not allowed here" messages.
Here's the relevant.htaccess file.
# BEGIN Wordfence code execution protection
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>
<IfModule mod_php7.c>
php_flag engine 0
</IfModule>
AddHandler cgi-script .php .phtml .php3 .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
# END Wordfence code execution protection
The file was created by the WordFence security plugin to prevent code execution in the uploads directory (which is where our images are stored), it has been present for many months without causing any problem. The same file exists on our internet site which has the same versions of WordPress, php and apache on a Centos system and I'm not having any problems there (yet).
As a workaround I've deleted the .htaccess file and everything is now working correctly. Since the site isn't accessible from outside my home network this deletion doesn't present any significant security risk but I'm hoping to be able to track down and fix the cause of the problem in case it's likely fo occur on the production site.
I'm not aware of any changes which would be likely to cause this sudden change in behaviour. I was logged in as a normal user at the time making some changes to one of our plugins. That plugin would not have been able to alter any apache configuration settings although I did restore the plugin to its earlier state but that didn't have any effect.
In an attempt to track down the cause of the problem I've done the following:
checked that the apache configuration files hadn't been changed
restored the entire website code from the previous day's backup
restored the MySQL database from the previous day's backup
restored the entire operating system from the previous day's backup
None of these produced any solution to the problem.
What other factors might cause this sudden rejection of the php_flag directive?
Everything was going great until I added AddHandler application/x-httpd-php5s .php to the .htaccess file in my local server's document root (which I change frequently depending on the site I'm working with). Since I did that when I visit http://localhost:8888 my browser just downloads the index.php and it's not processed at all, just the raw code. Now I removed that line from the .htaccess file but I'm still having this problem.
I've found that if I add an alternative entry to my hosts file for 127.0.0.1 the new entry behaves like 'localhost' used to. But if I add the line above to my .htaccess it knocks out that new host as well. I've tried reinstalling MAMP and clearing its caches and all the temporary files I could find. I surfed through Apache's httpd.conf file all to no avail.
So, to be clear: http://localhost:8888 is experiencing the above problem. If I add a new entry to my hosts file for 127.0.0.1, say 'goomba' and the above line is not in the root .htaccess (and has never been for that host/alias/whatever) then I can access http://goomba:8888 just fine. But if I do add that line to the .htaccess then I have to add yet another entry to my hosts file to get around it even if I remove that line from the the .htaccess file.
I'm fine with using a different 127.0.0.1 alias (host? what is that called?) but it's bugging me that this is still broken.
Just to be clear, I'm on Mac OS Leopard (but I'm not using the built in Apache setup, but MAMP).
I've had a similar issue a couple times and renaming the file did not work for me. With OS X Lion I found the right configuration is this:
<IfModule php5_module>
AddType application/x-httpd-php .php
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
AddType application/x-httpd-php-source .phps
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
</IfModule>
The magic that made it work for me is the SetHandler application/x-httpd-php part.
Of course edit the <IfModule php5_module> to your php version.
You are applying a mimetype where a handler should be (see documentation on handlers)
Try this instead:
AddType application/x-httpd-php5 .php
EDIT:
As you have indicated caching modules are loaded, you could read up on caching and htcacheclean (to clear the disk cache). You can also temporarily use the CacheDisable directive. One other thing that you could also try is to rename the file that you have requested (e.g. index.php -> index.bak), request the file again in the browser (should now 404), then revert and try again.
Just note, make sure you don't have a htaccess file from your live environment accidentally downloaded with other files. Additionally, make sure you match your PHP version when editing htaccess. Wrong version cause same issue-wrong settings.
Here is an example for running PHP7:
application/x-httpd-ea-php71 .php .php7 .phtml
I hope this info can help - it happened to me 8 years after ticket is created :)
If someone has again this kind of issue, do something most important firstly. I mean, use private navigation (without cache).
I wasted my time because of this.
GLHF
Perhaps you want application/x-httpd-php5 instead of application/x-httpd-php5s? (Note the lack of an s at the end.)
in my case deleting or comment out "AddHandler php56-cgi .php" in my root's involved htacces files solved it
Best
For the same issue, i removed the '5' AddType application/x-httpd-php .php .htm .html
its working fine! try
I had the same issue and it was because inside this folder you have .htaccess file hidden with some custom code, for me was because I copy from my running website server. Try to rename the file and you will see your project. Then customise the file in your needs.
First check if your apache server is running. Start->Run->cmd and then execute command:
netstat -abn
Lookup the result for line like this:
TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 600 [apache.exe]
If you cant find anything listening on port 8888 ( no 0.0.0.0:8888 line) then your apache is failing to start. To find out why it cant start you should find apache log directory and examine the error.log (may be you have updated your php resently?). If you find 0.0.0.0:80 listening line but some other software is listening there (do you have IIS running?) then you should remove / reconfigure that softure to free port 80. If you have apache listening on port 80 but still cant open your site and you cant figure out what is causing the problem via examining apache log files then it my be database problem. Check if your mysql is running and listening using same command but you should be looking for
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING [mysqld-nt.exe]
If you cant find such line then your mysql server is not running - check mysql log files for errors. If both servers are running and you cant get any output in your browser then check your firewall and antivirus - they may block your requests. Hope this helps ;)
I actually had a very similar issue. All of my php files were downloading when I tried to test if php and apache were working together. It turns out they weren't working together.
I had to uninstall php, I would recomend the same course of action and then reinstalling php just using the zip file download on php.net, instead of installing it with MAMP. I think my problem was that I had used the php installer. I do not recomend using that.
This website helped me a lot, I was having an issue with apache not starting and while that is not your issue, this website solved both the apache not starting and the downloading of php files issue and even though you are on a mac it may help you as well http://forums.phpfreaks.com/topic/185771-problem-starting-apache-2214-after-installing-php-5212
Hope everything works! Good Luck!
Just remove the comment
<IfDefine PHP>
LoadModule php_module modules/libphp.so
</IfDefine>
in etc/extra/httpd-xampp.conf
In my case after cloning a repo and trying to set the project up i hade to run composer update to install the all dependencies and then it open the page instead of downloading the file
I'm helping someone out with a Wordpress 3.8 install on an older Hostgator account that uses PHP 5.2.17. I'd like to make use of some plugins which require 5.3+ .
According to Hostgator docs you should be able to simply add:
# Use PHP 5.3
AddType application/x-httpd-php53 .php
to your .htaccess file and get the desired result.
However, after adding these lines to the top or bottom of /public_html/.htaccess I get prompted to download a file in my browser when trying to visit the site:
Is there something obvious that could be causing this?
It happened to me so many times.. just check you have this on your .htaccess (When your files are uploaded to Hostgator)
# Use PHP 5.3
AddType application/x-httpd-php53 .php
and be shure you have the same thing, but commented... using # on the .htaccess lines for your locakhost (because you must have already php 5.3 or later)
# Use PHP 5.3
#AddType application/x-httpd-php53 .php
This fixed me the same issue you had, but in my local.. because i can't see your http://** i don't know if that was on your local
Best regards. :)
I got more clarification on the hosting environment. It is a HostGator VPS, which the docs state you need to submit a ticket - and not edit htaccess - to upgrade PHP.
Everything was going great until I added AddHandler application/x-httpd-php5s .php to the .htaccess file in my local server's document root (which I change frequently depending on the site I'm working with). Since I did that when I visit http://localhost:8888 my browser just downloads the index.php and it's not processed at all, just the raw code. Now I removed that line from the .htaccess file but I'm still having this problem.
I've found that if I add an alternative entry to my hosts file for 127.0.0.1 the new entry behaves like 'localhost' used to. But if I add the line above to my .htaccess it knocks out that new host as well. I've tried reinstalling MAMP and clearing its caches and all the temporary files I could find. I surfed through Apache's httpd.conf file all to no avail.
So, to be clear: http://localhost:8888 is experiencing the above problem. If I add a new entry to my hosts file for 127.0.0.1, say 'goomba' and the above line is not in the root .htaccess (and has never been for that host/alias/whatever) then I can access http://goomba:8888 just fine. But if I do add that line to the .htaccess then I have to add yet another entry to my hosts file to get around it even if I remove that line from the the .htaccess file.
I'm fine with using a different 127.0.0.1 alias (host? what is that called?) but it's bugging me that this is still broken.
Just to be clear, I'm on Mac OS Leopard (but I'm not using the built in Apache setup, but MAMP).
I've had a similar issue a couple times and renaming the file did not work for me. With OS X Lion I found the right configuration is this:
<IfModule php5_module>
AddType application/x-httpd-php .php
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
AddType application/x-httpd-php-source .phps
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
</IfModule>
The magic that made it work for me is the SetHandler application/x-httpd-php part.
Of course edit the <IfModule php5_module> to your php version.
You are applying a mimetype where a handler should be (see documentation on handlers)
Try this instead:
AddType application/x-httpd-php5 .php
EDIT:
As you have indicated caching modules are loaded, you could read up on caching and htcacheclean (to clear the disk cache). You can also temporarily use the CacheDisable directive. One other thing that you could also try is to rename the file that you have requested (e.g. index.php -> index.bak), request the file again in the browser (should now 404), then revert and try again.
Just note, make sure you don't have a htaccess file from your live environment accidentally downloaded with other files. Additionally, make sure you match your PHP version when editing htaccess. Wrong version cause same issue-wrong settings.
Here is an example for running PHP7:
application/x-httpd-ea-php71 .php .php7 .phtml
I hope this info can help - it happened to me 8 years after ticket is created :)
If someone has again this kind of issue, do something most important firstly. I mean, use private navigation (without cache).
I wasted my time because of this.
GLHF
Perhaps you want application/x-httpd-php5 instead of application/x-httpd-php5s? (Note the lack of an s at the end.)
in my case deleting or comment out "AddHandler php56-cgi .php" in my root's involved htacces files solved it
Best
For the same issue, i removed the '5' AddType application/x-httpd-php .php .htm .html
its working fine! try
I had the same issue and it was because inside this folder you have .htaccess file hidden with some custom code, for me was because I copy from my running website server. Try to rename the file and you will see your project. Then customise the file in your needs.
First check if your apache server is running. Start->Run->cmd and then execute command:
netstat -abn
Lookup the result for line like this:
TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 600 [apache.exe]
If you cant find anything listening on port 8888 ( no 0.0.0.0:8888 line) then your apache is failing to start. To find out why it cant start you should find apache log directory and examine the error.log (may be you have updated your php resently?). If you find 0.0.0.0:80 listening line but some other software is listening there (do you have IIS running?) then you should remove / reconfigure that softure to free port 80. If you have apache listening on port 80 but still cant open your site and you cant figure out what is causing the problem via examining apache log files then it my be database problem. Check if your mysql is running and listening using same command but you should be looking for
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING [mysqld-nt.exe]
If you cant find such line then your mysql server is not running - check mysql log files for errors. If both servers are running and you cant get any output in your browser then check your firewall and antivirus - they may block your requests. Hope this helps ;)
I actually had a very similar issue. All of my php files were downloading when I tried to test if php and apache were working together. It turns out they weren't working together.
I had to uninstall php, I would recomend the same course of action and then reinstalling php just using the zip file download on php.net, instead of installing it with MAMP. I think my problem was that I had used the php installer. I do not recomend using that.
This website helped me a lot, I was having an issue with apache not starting and while that is not your issue, this website solved both the apache not starting and the downloading of php files issue and even though you are on a mac it may help you as well http://forums.phpfreaks.com/topic/185771-problem-starting-apache-2214-after-installing-php-5212
Hope everything works! Good Luck!
Just remove the comment
<IfDefine PHP>
LoadModule php_module modules/libphp.so
</IfDefine>
in etc/extra/httpd-xampp.conf
In my case after cloning a repo and trying to set the project up i hade to run composer update to install the all dependencies and then it open the page instead of downloading the file
I'm trying to port a PHP site developed by another coder (who is no longer around) and I'm having a problem with the Apache Rewrite rules which are prompting a file download on the target server. I'm sure this is a simple problem, but I'm having some difficulty Googling an answer. I'm running on a (dedicated) Ubuntu Server with a standard installation of Apache and PHP5 and porting from shared a shared server where everything runs fine. No site files have been altered during the port.
The .htaccess file contains this code (only)
# Use PHP5 as default
AddHandler application/x-httpd-php5 .php
Options -Indexes FollowSymlinks
RewriteEngine on
RewriteRule ^html/(.*) /index.php?init=site\/$1\/$2\/$3\/$4\/$5\/$6\/$7\/$8\/$9
RewriteRule ^mykart$ /index.php?admin=true
RewriteRule ^mykart/$ /index.php?admin=true
RewriteRule ^mykart/(.*)$ /index.php?init=admin\/$1\/$2\/$3\/$4\/$5\/$6\/$7\/$8\/$9&admin=true
When I try to open the file http://www.mysite.com/html/#home the browser attempts to download the (index.php) file instead of displaying it, with the message
"You have chosen to Open
[dialog shows blank space here]
which is a: application/x-httpd-php
from....
"
I guess I must have missed something in either the PHP or Apache configuration, but what?
EDIT: To clarify, the server is running Apache2 and has several, functioning, PHP sites on it. Furthermore if I delete the .htaccess file and run a simple phpinfo display page everything runs fine, so it's not the execution of PHP per see.
I suppose that the MIME type application/x-httpd-php5 is not valid. I’ve tried it on my local machine and it caused the same behavior.
Have you tried application/x-httpd-php instead?
Looks like an Apache config issue, of course I could be wrong. Have you checked httpd.conf for the following lines:
# Add index.php to your DirectoryIndex line:
DirectoryIndex index.html index.php
AddType text/html php
I had a similar issue. Browser attempted to download links from php website, instead of loading them.
It wasn't Php interpreter issue for me, it turned out to be misplaced .htaccess file. However, I didn't realized that disabling the htaccess file solved the issue for hours, due to browser cache.
So, don't forget to clear your browser caches! And restart Apache.