I tried to allow access to a directory by using the .htaccess file.
This is my .htaccess:
<Directory Bilder_Team>
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
The directory is "Bilder_Team". If I open the link to this directory, it shows me
500 Internal Server Error
How can I fix this?
Use this htaccessCheck for future checks or problems. Your problem as you could see, once checked, is that you are not allowed tags such as <Directory> in .htaccess files.
Instead put the .htaccess directly into the Build_Team directory and leave off the surrounding tags.
Possibly, a bigger problem is the use of AllowOverride None, which disables the use of .htaccess files and, obviously, has no part of any .htaccess file. AllowOverride directive can only be part of the main config file!
As shown the snippet is correct iff put in the httpd.conf file (name could vary). Which actually, if possible, is the better way to do it.
For more information about security concerns, you could refer to this StackOverflow answer.
Hope this helps!
Related
I'm having a problem where it seems like my Vagrant VirtualBox isn't reading the .htaccess file for a site I have mapped out. (a proccesswire site)
I've don't know enough about Vagrant to find where I should be editing the directives so that my .htaccess file will be read. As far as I've gathered from searching I need to set a directive like so:
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
It seems the primary offender is the AllowOverride is typically set to "None" and needs to be "All". But I have put this in a httpd.conf file in apache and I'm guessing that isn't correct.
A bit more information: When I installed PW in the site root I got this error: " Unable to determine if Apache mod_rewrite (required by ProcessWire) is installed. ". As a result when I try to access a part of the CMS, that is usually handled by rewrite rules, the url (/admin or /processwire by default) just reroutes me to the homepage.
Also, I can delete everything in .htacess or add garbage to it and no errors occur. This tells me that .htacess isn't even being read.
I appreciate the help.
I have tried to run php in .html file and failed despite trying all solution suggested here. Someone suggested it maybe because Apache is not setup to accept .htaccess overrides. Maybe that is the reason. Now the question is how do I setup Apache?
To be able to use .htaccess files, the directive AllowOverride must be set for the directory into which you want to put .htaccess files. E.g.:
<Directory "/usr/local/httpd/htdocs">
AllowOverride All
</Directory>
This must be set in the core httpd.conf file of Apache. If you're on a shared host, you likely have no access to that (and that's correct, for security reasons).
in my apache sites-available/default file i had change the config to folowing:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All //originally was AllowOverride None
FallbackResource rewrite.php //i added this line, too
Order allow,deny
allow from all
</Directory>
i wanted to handle all url calls in my own rewrite.php file. this works, when i visit my site at http://192.168.1.104:4567/web/knxzkcha but doesnt work when i go for http://192.168.1.104:4567/web/. i got this problem in firefox : The connection to the server was reset while the page was loading.
the index site http://192.168.1.104:4567/web/index.php works flawlessly and shows me my index.php file. all i want is to let me show the index file when visiting the root directory, too. /var/www points to the /web directory. i have some ubuntu 12.04 server 64 LTS edition
when i rewert the config lines, the root gives me the index file by default.
You do not need to add AllowOverride All, telling apache to avoid IO by checking existence of .htaccess files in current directory and all parents directories with AllowOverride None is a good recipe for speed. Avoid .htaccess files if you can edit Apache configuration.
Now FallbackResource is a quite new feature and may have some bugs. Did you check the ErrorLog for details? Could you try that with LogLevel debug?
It seems you problems is with directories, maybe you could fix it by enforcing usage of your fallback when a Directory is requested, try to add:
DirectoryIndex rewrite.php
I am not sure why this is happening as I am not very knowledgeable when it comes to Apache. Below is a copy of my VirtualHost.
If this gives any extra help as to how to get it to work, I am trying to run a CakePHP site. I know the site itself has no issues as I have another location I manage the code from and can get it running locally through Apache there.
<virtualhost *:80>
DocumentRoot "C:/sites/sitename"
ServerName dev.sitename.com
ErrorLog "logs/sitename.com-error.log"
CustomLog "logs/sitename.com-access.log" common
<directory "C:/sites/sitename">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
Allow from all
</directory>
</virtualhost>
I am running this on Apache 2.0 and Win7sp1
UPDATE
I never found the real solution using the route I was on. I downloaded a fresh copy of WAMP and was soon able to get everything up and running, no problem.
In order to prevent apache from showing the directory listing, you need to disable indexes. Also, it's best to disable MultiViews as that will enable content-negotiating, which may produce unwanted side-effects
Change the options to;
Options -Indexes FollowSymLinks
Then, check that the .htaccess file is present inside your webroot (C:/Sites/Sitename), as that file is used to enable mod_rewrite
Additional pointers/hints
First of all, make sure that the DocumentRoot is pointing to the right directory of your application;
The standard directory structure of CakePHP looks like this;
app
/Config
/Controllers
/Views
......
/webroot
lib
/Cale
plugins
The DocumentRoot should point to your `app/webroot' directory, which contains all 'public' files.
Change the paths/directories in your virtual host to that directory and restart Apache.
If you're still getting a 403 error, change the URL you're visiting in your browser to this;
http://mywebsite.com/index.php
If this does work, check if the .htaccess file is present in that directory and mod_rewrite is installed in your Apache.
According to the answer from "thaJetzah" (sorry, can't comment yet:) )
403 Forbidden is better than having the index of the folder, because now you can see the logs/sitename.com-error.log log and hopefully it tells you, why it gives 403.
Just to make sure: The index.php is in the folder "C:/sites/sitename"?
If you can't isolate the error like this, it would be great to post here the output of the error.log when you try to access the page and it gives you 403.
Check this If you are running Ubuntu.
So, ok. I have many php files and one index.php file. All files can't work without index.php file, because I include them in index.php. For example. if somebody click Contact us the URL will become smth like index.php?id=contact and I use $_GET['id'] to include contacts.php file. But, if somebody find the file's path, for example /system/files/contacts.php I don't want that that file would be executed. So, I figured out that I can add before including any files in index.php line like this $check_hacker = 1 and use if in every files beginning like this if($check_hacker <> 1) die();. So, how can I do it without opening all files and adding this line to each of them? Is it possible? Because I actually have many .php files. And maybe there is other way to do disable watching separate file? Any ideas? Thank you.
You could put your index.php alone in your web directory. And put all the files it includes in another non web directory.
Let's say you website http://www.example.com/index.php is in fact /path/to/your/home/www/index.php, you can put contact.php in /path/to/your/home/includes/contact.php. No .htaccess, rewrite, auto appending. Just a good file structure and a server configured like needed.
Edit to detail my comment about using xamp :
In your httpd.conf file, add something like this :
<Directory "/path/to/your/site/root">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
<VirtualHost *:80>
DocumentRoot /path/to/your/site/root
ServerName www.example.org
</VirtualHost>
Then in your windows hosts file (in C:\Windows\System32\drivers\etc), add this line :
127.0.0.1 www.example.com
I would highly recommend to use the .htaccess file to rejects all requests for files diffrent to index.php but I am not quite sure how to do that propperly.
This might work (can't test it now) but it will also block requests to css, js and so on:
order deny,allow
<FilesMatch "\.php">
deny from all
</FilesMatch>
<FilesMatch "(index.php)">
allow from all
</FilesMatch>
If someone knows the right solution, please edit my answer.
You might check this question: Deny direct access to all .php files except index.php
So you might have a FilesMatch only for php files in addition to the index.php rule.
EDIT: The new version of the code seems to work.
In response to Kau-Boy:
Place all your php files (except index.php) in a new directory and put the .htaccess file with the following contents:
deny from all
Make sure you don't put any images/css/jscript resources in this directory, because they will be blocked as well.
I'd use mod_rewrite in this case (if you are using Apache). It's much cleaner solution than writing gazillions of useless ifs in PHP.
This way, if someone wanted to "hack it" and tried /system/files/contacts.php, it'd redirect them to index.php?id=contact or whatever other site.
In your php.ini or in you htaccess set the following variable:
auto_prepend_file="[path to some .php file]"
This will include a header file of your choice that will be included before all php scripts on the system.
The php.ini directive auto_append_file, will create a footer that is included at the end of all PHP files on the system.
Check out the technique at http://www.electrictoolbox.com/php-automatically-append-prepend/
RewriteCond %{REQUEST_URI} system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
Will redirect any attempt to system folder back to root!