.htaccess being ignored?

Place to discuss Fedora and/or Red Hat
User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Mon Jan 26, 2009 3:15 pm

Since I have set up hundreds of web servers in many many different configurations and have never once used that module I personally wouldn't hesitate to remove it. :) I wouldn't install it unless I had some specific configuration I wanted to do that required it. I haven't had a need up to this point. Having said that I see you having 3 options.

1) Remove the module as I stated previously
2) Disable the module by commenting it out the apache config file
3) Learn how to configure it and fix your existing configuration

Here is some more info on the module:
http://www.onlamp.com/pub/a/apache/2003 ... urity.html

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Mon Jan 26, 2009 3:40 pm

well if you can live without it so can I, so I'll remove it

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Mon Jan 26, 2009 4:30 pm

Looking at your errors again I'm not so sure that will solve your problem though. It looks like you may have some configuration issues with your "joomla" whatever that is. :) See what happens after getting the mod_security clutter out of the way. Who knows, maybe that is causing the rest of your problem.

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Mon Jan 26, 2009 4:44 pm

All the errors related to the mod_security is now gone, but not the other thing, right as you said, trying to google something for this but havent found anything good yet.

You never heard of Joomla? hmm
It's CMS that I'm using for this occasion most people I know have at least heard of it lol
Last edited by Basher52 on Mon Jan 26, 2009 10:42 pm, edited 1 time in total.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Mon Jan 26, 2009 4:55 pm

I may have heard of it in the past but I've never had any dealings with it.

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Fri Jan 30, 2009 5:17 am

Due to this problem, is there an easy way to test if the https is setup OK,
like create an html file with just 'test' in it that I should see under https.
I still haven't got this to work and no help from their forum and I'm supposed to open this place up today. I have stopped the cart function that uses the secure link for now.


Basher52 wrote:some part of the url where you get into your account to create the order, I use https for those, well the system VirtueMart(for Joomla) requires that.

I have read, changed and rechecked everything and I think it should work, but I get these errors and they look like the other problem I had, cant remember what it was but I found it myself and you said that you never had that problem because you didn't install that program whatever it was.

There are some errors in the template but that I know already.
Can you help me out to remove that program so this starts to work?


Code: Select all


[Mon Jan 26 19:39:47 2009] [error] [client 82.196.123.58] PHP Notice:  Undefined index:  HTTP_HOST in /var/www/html/tperacing/libraries/joomla/environment/uri.php on line 164
[Mon Jan 26 19:39:47 2009] [error] [client 82.196.123.58] PHP Notice:  Uninitialized string offset:  -1 in /var/www/html/tperacing/administrator/components/com_virtuemart/virtuemart.cfg.php on line 28
Last edited by Basher52 on Fri Jan 30, 2009 11:01 am, edited 1 time in total.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Fri Jan 30, 2009 7:19 am

I don't know why you are showing the old mod_security errors from back on the 26th. Those are old errors. You do know that errors over SSL go to a different log right? If you haven't changed the logging destination they should be in the /var/log/httpd/ssl_* logs. Are you saying your stuff works with http but not with https?

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Fri Jan 30, 2009 11:00 am

nope no real error in here, so then ssl seems to work, the nit gotta be the system itself, think I can say that it has to be the system.

...but on the other hand I know that other people get this to work although they almost certainly uses a web hotel for that thus are using a apache installment that I KNOW works and since I don't trust myself to have done this correct :P
get my dilemma?

I think I'll drop this for now.


UPDATE: I just tested this cart 'Checkout' using ordinary http and I still got the same error so it can't be related to ssl, right?
(I can tell VirtueMart not to use ssl if I want that that is what I did)

PS I removed the errors from the earlier quote to just show what error I get

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Thu Feb 12, 2009 4:12 pm

I'll continue here since we were talking about VHosts.

Now I'm here again :( I just can't find what I trashed.
I tried to make a new fresh copy of the "production" site to a new test site.
I also wanted to change the name of all stuff.
The "error" I get is that I get the same thing from both xenonlyse.se and the new xenontest.hopto.org but I can't understand why since I still don't have a config for the xenonlyse.se's VHost.
Just to test that it really gets into the same directory I created .htaccess/.htpasswd files and they both get that login popup.

This is my /etc/httpd/conf.d/xenontest.conf file and it's the only config file I got in there setting the VHosts. I also removed the port 443 since I just wanted less to see when trying to find the problem.

Code: Select all

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /xenontest /var/www/html/xenontest
<Directory /var/www/html/xenontest/>
   order allow,deny
   allow from all
</Directory>

<VirtualHost *:80>
    ServerAdmin root@localhost
    DocumentRoot /var/www/html/xenontest
    ServerName xenontest.hopto.org
    ErrorLog logs/xenontest.se-error_log
    CustomLog logs/xenontest.se-access_log common
</VirtualHost>

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Feb 12, 2009 4:53 pm

I'm about to go home so I won't be able to comment on it for a couple of hours. One thing to get in the habit of doing if you don't already is making backup copies of your configs before you edit them. Hopefully you also have off-site backups of them (and your site data).

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Feb 12, 2009 8:53 pm

I'm home but I really do not understand what the issue is. Need more detailed information.

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Fri Feb 13, 2009 4:24 am

I found it and it had nothing to do with apache or anything.
I was inside the php scripts for VirtueMart that had a reference into the wrong url :P

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Fri Nov 19, 2010 4:08 pm

This thing with htaccess/htpasswd is dang hard to get, at least for my simple brain :( and the big thing is the directory tree of the htpasswd file I think.

I got one static webpage setup at: /webdata2/html/kgdubben.se/
in there is a link to the webalizer "usage" page that I don't want to set public, thus using this .htaccess to limit that.
those files are placed under: /var/www/usage/ and THIS is the place I put the .ht**** files, but it just wont work.
I get full access to it but I should need to login.

I want to put the htpasswn file in a directory that no one(almost) can read and that is outside the website "root".

What shout it be and must it be fully qualified or can I use logical paths?
etc etc


UPDATE: Oh btw...
is there a way to use only ONE .htpasswd file for all stuff I want to make non-public?

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Fri Nov 19, 2010 5:36 pm

You have to make sure you have AllowOverride turned on in your Apache configuration for any directory that you want to use htaccess.

User avatar
Basher52
guru
guru
Posts: 913
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Fri Nov 19, 2010 6:21 pm

Yep, that's no problem, I used to forget that one but not this time lol
AllowOverride AuthConfig is set
I could set it to 'All' but don't think that is necessary... or it it?

When ever I move the .ht* file to /webdata2/html/kgdubben.se/ directory and when trying to browse it it always asks for the password(although the given won't work, but that's another thing)
but when these files are moved to /var/www/usage/ nothing at all happens and anyone can get in there.

Post Reply