Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 4th November 2010, 12:21
GregMawo GregMawo is offline
Junior Member
 
Join Date: Oct 2010
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Apache Directives - is this correct format & syntax?

Hi all,

I want to add some recommended Joomla settings to:
Sites->Options->Apache Directives

Is the following syntactically/format OK: (where XXX is the correct client directory)

Code:
<Directory "/var/www/webXXX/web">
Options FollowSymLinks
php_admin_flag register_globals Off
php_admin_value disable_functions "show_source system shell_exec passthru exec phpinfo popen proc_open"
php_admin_flag allow_url_fopen Off
php_admin_flag magic_quotes_gpc On
php_admin_value session.save_path "/var/www/webXXX/phptmp/"
php_admin_value memory_limit 24M
php_admin_value open_basedir "/var/www/webXXX/"
</Directory>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
Am I correct in thinking this will negate the need to use the Joomla created .htaccess file (or htaccess.txt before renaming manually) - it appears to contain all of the below settings? But does it have the same effect?

Is this a better approach than using the .htaccess file in that it is slightly less work for the server (apache directives parsed once as opposed to each page visit for .htaccess files)?

Here is the contents of the generic Joomla created .htaccess file (named htaccess.txt on install then renamed manually for mod_rewrite):

Code:
##
# @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##


#####################################################
#  READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

##  Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
#  mod_rewrite in use

RewriteEngine On

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla! Directory (just / for root)

# RewriteBase /


########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section
I think this has been asked in part before but if someone could clarify I would be most thankful. It would be much easier for me to just drop this in apache directives via ISPConfig3 than renaming the files via FTP. I would like to follow best practices though...

Cheers!!

Last edited by GregMawo; 4th November 2010 at 17:55. Reason: further clarification
Reply With Quote
Sponsored Links
  #2  
Old 5th November 2010, 14:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by GregMawo View Post
Is the following syntactically/format OK: (where XXX is the correct client directory)
I'm no Joomla developer, so I can't tell if it works, but syntactically it looks ok.
Quote:
Originally Posted by GregMawo View Post
Am I correct in thinking this will negate the need to use the Joomla created .htaccess file (or htaccess.txt before renaming manually) - it appears to contain all of the below settings? But does it have the same effect?
Yes.

Quote:
Originally Posted by GregMawo View Post
Is this a better approach than using the .htaccess file in that it is slightly less work for the server (apache directives parsed once as opposed to each page visit for .htaccess files)?
Yes.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 8th November 2010, 12:35
GregMawo GregMawo is offline
Junior Member
 
Join Date: Oct 2010
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks very much for the clarification.

Much appreciated & all the best.

EDIT - Ahhh, I spoke too soon...

having deleted the content of (also tried removing) the .htaccess file the site is not working...

If I put the file back, the sites works...

I will try and isolate which settings are causing the issue and repost but for anyone reading this, the Apache Directives settings above DO NOT WORK, you must use the .htaccess file

For instance, Joomla reports that magic_quotes_gpc = OFF and the syntax of "Options FollowSymLinks" is actually "Options +FollowSymLinks" which can be checked by editing the .htaccess file (without "+" the site does not work and with it it does - which begs the question if it was entered under Apache Directives incorrectly, was it having any effect at all???)

Anyway, I'll have a fiddle about and see what I can figure out...

Last edited by GregMawo; 8th November 2010 at 18:27. Reason: I MADE A MISTAKE - SETTINGS DO NOT WORK AS POSTED!!
Reply With Quote
  #4  
Old 8th November 2010, 18:39
GregMawo GregMawo is offline
Junior Member
 
Join Date: Oct 2010
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm just wondering,... but do the "php_admin" values belong in the Apache Directives area or should they perhaps be in the Custom php.ini area?

I'll try adding:
Code:
magic_quotes_gpc = On
to the custom php.ini and see if it changes the joomla system info report in any way,.. ATM the value is OFF.

EDIT - OK, that worked! So I'll sort out the php settings from the apache directives and see if I can make some sense of it all

1 step back, 2 steps forward

Last edited by GregMawo; 8th November 2010 at 18:47. Reason: update, setting worked
Reply With Quote
  #5  
Old 2nd December 2010, 11:28
DaRKNeSS666NL DaRKNeSS666NL is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Posts: 207
Thanks: 17
Thanked 3 Times in 3 Posts
Default

I have also a questin abot custom php.ini settings I have put in the box:

Code:
upload_max_filesize = 50M
post_max_size = 50M
max_execution_time = 300
max_input_time = 300
Do I have to restart or does this goes in action after some time?
And how would I check if it's in place?
__________________
Updating my server to Debian Squeeze, so here I go again...
Reply With Quote
  #6  
Old 2nd December 2010, 15:12
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 368
Thanks: 25
Thanked 47 Times in 42 Posts
Default

DaRKNeSS666NL,

In my experience, Apache reloads its settings when one makes changes to those INI and Apache directives.

Perhaps Falko or Till is able to comment as to the mechanism and timing for Apache reloading the settings. It seems to take 2-5 minutes in most cases for the reload to occur after changes are made.

To check if the settings are in effect, create a .php file with

PHP Code:
<?php

phpinfo
();
exit;
and place it inside the directory that you expect your changes to affect. Access the PHP file in a browser and it should spit-out all of the effective values. Be mindful that you should not permit others to access this PHP file (and I recommend that you delete it after everything appears to be functioning as expected).

While the effective PHP runtime values will be reflected in the output, Webmin is also incredibly useful to see how Apache is applying any Apache-specific directives (those that are pasted into the bottom box, labeled "Apache directives", on the same ISPConfig page). Within Webmin, go to Servers -> Apache Server -> [choose virtual server] -> Show Directives.

Hope that helps!
Reply With Quote
  #7  
Old 2nd December 2010, 17:53
DaRKNeSS666NL DaRKNeSS666NL is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Posts: 207
Thanks: 17
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by cbj4074 View Post
DaRKNeSS666NL,

In my experience, Apache reloads its settings when one makes changes to those INI and Apache directives.
Just have made the chances in custom php.ini and waited a whileand voila all is there.

So indeed no restart or whatever is needed.
__________________
Updating my server to Debian Squeeze, so here I go again...
Reply With Quote
  #8  
Old 2nd December 2010, 17:55
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,592
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
 
Default

You can see in the ispconfig monitor > jobqueue when the changes had been applied, only open jobs are listed there. It takes normally about one minute.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL don't work please help me walner8080 Installation/Configuration 8 26th September 2010 12:07
Can't start apache Musty Server Operation 12 9th March 2008 13:58
Postfix delivery problem erebus Installation/Configuration 6 28th October 2007 16:20
Frustrated with ISPConfig install! woozyerdaddee Installation/Configuration 4 19th May 2006 03:38
Install stop at uuwish, UUDeview SeaWolf Installation/Configuration 6 4th October 2005 23:53


All times are GMT +2. The time now is 15:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.