.htaccess being ignored?
Since I have set up hundreds of web servers in many many different configurations and have never once used that module I personally wouldn't hesitate to remove it. :) I wouldn't install it unless I had some specific configuration I wanted to do that required it. I haven't had a need up to this point. Having said that I see you having 3 options.
1) Remove the module as I stated previously
2) Disable the module by commenting it out the apache config file
3) Learn how to configure it and fix your existing configuration
Here is some more info on the module:
http://www.onlamp.com/pub/a/apache/2003 ... urity.html
1) Remove the module as I stated previously
2) Disable the module by commenting it out the apache config file
3) Learn how to configure it and fix your existing configuration
Here is some more info on the module:
http://www.onlamp.com/pub/a/apache/2003 ... urity.html
Looking at your errors again I'm not so sure that will solve your problem though. It looks like you may have some configuration issues with your "joomla" whatever that is. :) See what happens after getting the mod_security clutter out of the way. Who knows, maybe that is causing the rest of your problem.
All the errors related to the mod_security is now gone, but not the other thing, right as you said, trying to google something for this but havent found anything good yet.
You never heard of Joomla? hmm
It's CMS that I'm using for this occasion most people I know have at least heard of it lol
You never heard of Joomla? hmm
It's CMS that I'm using for this occasion most people I know have at least heard of it lol
Last edited by Basher52 on Mon Jan 26, 2009 10:42 pm, edited 1 time in total.
Due to this problem, is there an easy way to test if the https is setup OK,
like create an html file with just 'test' in it that I should see under https.
I still haven't got this to work and no help from their forum and I'm supposed to open this place up today. I have stopped the cart function that uses the secure link for now.
like create an html file with just 'test' in it that I should see under https.
I still haven't got this to work and no help from their forum and I'm supposed to open this place up today. I have stopped the cart function that uses the secure link for now.
Basher52 wrote:some part of the url where you get into your account to create the order, I use https for those, well the system VirtueMart(for Joomla) requires that.
I have read, changed and rechecked everything and I think it should work, but I get these errors and they look like the other problem I had, cant remember what it was but I found it myself and you said that you never had that problem because you didn't install that program whatever it was.
There are some errors in the template but that I know already.
Can you help me out to remove that program so this starts to work?
Code: Select all
[Mon Jan 26 19:39:47 2009] [error] [client 82.196.123.58] PHP Notice: Undefined index: HTTP_HOST in /var/www/html/tperacing/libraries/joomla/environment/uri.php on line 164 [Mon Jan 26 19:39:47 2009] [error] [client 82.196.123.58] PHP Notice: Uninitialized string offset: -1 in /var/www/html/tperacing/administrator/components/com_virtuemart/virtuemart.cfg.php on line 28
Last edited by Basher52 on Fri Jan 30, 2009 11:01 am, edited 1 time in total.
I don't know why you are showing the old mod_security errors from back on the 26th. Those are old errors. You do know that errors over SSL go to a different log right? If you haven't changed the logging destination they should be in the /var/log/httpd/ssl_* logs. Are you saying your stuff works with http but not with https?
nope no real error in here, so then ssl seems to work, the nit gotta be the system itself, think I can say that it has to be the system.
...but on the other hand I know that other people get this to work although they almost certainly uses a web hotel for that thus are using a apache installment that I KNOW works and since I don't trust myself to have done this correct
get my dilemma?
I think I'll drop this for now.
UPDATE: I just tested this cart 'Checkout' using ordinary http and I still got the same error so it can't be related to ssl, right?
(I can tell VirtueMart not to use ssl if I want that that is what I did)
PS I removed the errors from the earlier quote to just show what error I get
...but on the other hand I know that other people get this to work although they almost certainly uses a web hotel for that thus are using a apache installment that I KNOW works and since I don't trust myself to have done this correct

get my dilemma?
I think I'll drop this for now.
UPDATE: I just tested this cart 'Checkout' using ordinary http and I still got the same error so it can't be related to ssl, right?
(I can tell VirtueMart not to use ssl if I want that that is what I did)
PS I removed the errors from the earlier quote to just show what error I get
I'll continue here since we were talking about VHosts.
Now I'm here again
I just can't find what I trashed.
I tried to make a new fresh copy of the "production" site to a new test site.
I also wanted to change the name of all stuff.
The "error" I get is that I get the same thing from both xenonlyse.se and the new xenontest.hopto.org but I can't understand why since I still don't have a config for the xenonlyse.se's VHost.
Just to test that it really gets into the same directory I created .htaccess/.htpasswd files and they both get that login popup.
This is my /etc/httpd/conf.d/xenontest.conf file and it's the only config file I got in there setting the VHosts. I also removed the port 443 since I just wanted less to see when trying to find the problem.
Now I'm here again

I tried to make a new fresh copy of the "production" site to a new test site.
I also wanted to change the name of all stuff.
The "error" I get is that I get the same thing from both xenonlyse.se and the new xenontest.hopto.org but I can't understand why since I still don't have a config for the xenonlyse.se's VHost.
Just to test that it really gets into the same directory I created .htaccess/.htpasswd files and they both get that login popup.
This is my /etc/httpd/conf.d/xenontest.conf file and it's the only config file I got in there setting the VHosts. I also removed the port 443 since I just wanted less to see when trying to find the problem.
Code: Select all
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /xenontest /var/www/html/xenontest
<Directory /var/www/html/xenontest/>
order allow,deny
allow from all
</Directory>
<VirtualHost *:80>
ServerAdmin root@localhost
DocumentRoot /var/www/html/xenontest
ServerName xenontest.hopto.org
ErrorLog logs/xenontest.se-error_log
CustomLog logs/xenontest.se-access_log common
</VirtualHost>
This thing with htaccess/htpasswd is dang hard to get, at least for my simple brain
and the big thing is the directory tree of the htpasswd file I think.
I got one static webpage setup at: /webdata2/html/kgdubben.se/
in there is a link to the webalizer "usage" page that I don't want to set public, thus using this .htaccess to limit that.
those files are placed under: /var/www/usage/ and THIS is the place I put the .ht**** files, but it just wont work.
I get full access to it but I should need to login.
I want to put the htpasswn file in a directory that no one(almost) can read and that is outside the website "root".
What shout it be and must it be fully qualified or can I use logical paths?
etc etc
UPDATE: Oh btw...
is there a way to use only ONE .htpasswd file for all stuff I want to make non-public?

I got one static webpage setup at: /webdata2/html/kgdubben.se/
in there is a link to the webalizer "usage" page that I don't want to set public, thus using this .htaccess to limit that.
those files are placed under: /var/www/usage/ and THIS is the place I put the .ht**** files, but it just wont work.
I get full access to it but I should need to login.
I want to put the htpasswn file in a directory that no one(almost) can read and that is outside the website "root".
What shout it be and must it be fully qualified or can I use logical paths?
etc etc
UPDATE: Oh btw...
is there a way to use only ONE .htpasswd file for all stuff I want to make non-public?
You have to make sure you have AllowOverride turned on in your Apache configuration for any directory that you want to use htaccess.
Yep, that's no problem, I used to forget that one but not this time lol
AllowOverride AuthConfig is set
I could set it to 'All' but don't think that is necessary... or it it?
When ever I move the .ht* file to /webdata2/html/kgdubben.se/ directory and when trying to browse it it always asks for the password(although the given won't work, but that's another thing)
but when these files are moved to /var/www/usage/ nothing at all happens and anyone can get in there.
AllowOverride AuthConfig is set
I could set it to 'All' but don't think that is necessary... or it it?
When ever I move the .ht* file to /webdata2/html/kgdubben.se/ directory and when trying to browse it it always asks for the password(although the given won't work, but that's another thing)
but when these files are moved to /var/www/usage/ nothing at all happens and anyone can get in there.