.htaccess functionality does not work

[kalikoder]

Hi-

I am running ISPconfig on Suse Linux 10.1 with three virtual hosts setup to share the same ip. Everything is working very well, except the .htaccess functionality in any of the sites. Whenever I try to use a PHP script that uses .htaccess file in its directory, I get a 500 internal server error. No matter which site.

I have browsed the forum, and researched this issue. Following is my error log file from one of the sites:
[Wed Mar 07 11:41:40 2007] [alert] [client 142.xx.xx.xxx] /srv/www/web7/web/blogs/.htaccess: Options not allowed

I believe that the issue is about .htaccess not being allowed globally or something. Following is an excerpt from my /etc/apache2/httpd.conf file:
<Directory /srv/www/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

In the above I have tried changing "AllowOverride None" to "AllowOverride All" and restarted apache, but it makes no difference

Please let me know if you want to see my /etc/apache2/vhosts/Vhosts_ispconfig.conf file, it currently does not have any <Directory> </Directory> sections.

Can you please point me in the right direction.. is there a howto telling how to get the .htaccess functionality working on ISPConfig. Please let me know if you need any more information.

Thanks in advance

[falko]

Please change it to

Code:

<Directory /srv/www/*/web>
Options +Includes -Indexes
#AllowOverride None
#AllowOverride Indexes AuthConfig Limit FileInfo
AllowOverride All
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

[kalikoder]

Thanks for the reply Falko. I am not very good on how the .htaccess works exactly, but just wanted to ask you if there are any security risks associated with doing a "AllowOverride All" , can a hacker take advantage of this and compromise the system in some way..

Thanks again

[falko]

Well, it would allow a customer that does not pay for PHP to enable PHP for his web site (if he knows about .htaccess). The same goes for other features. He might even be able to switch off PHP Safe Mode, and that would be a security risk.

But you can take a look http://httpd.apache.org/docs/2.0/mod...reference.html
It will tell you what you need to put behind AllowOverride to get your directives working.

[teves]

Hello,

I have a similar problem with a php knowledgebase script (kbpublisher).

What I'd like to know is: is it possible to set the AllowOverride options in the vhosts config file per web?
I'd like to be able to allow the usage of certain .htaccess options in only one web.

Thank you,
regards, Tom

[falko]

Sure, you can add something like

Code:

<Directory /path/to/directory>
AllowOverride All
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

in the Apache Directives field of a web site in ISPConfig.

[teves]

Aaah! Cool!

But what path do I need to enter into the directory tag of the htaccess file? The absolute path to the web in question, eg. <directory /srv/www/web123/web > ?

And do I have to restart apache after changing the apache directive field of a web?

[teves]

Hello,

no need to answer, I found it out myself in the meantime. And it works great! Thank you very much for the hint!

To point it out for others with the same problem:
The path must be relative to the /srv/www/webXX/web folder (at least on my Suse 10.1 / ISPConfig 2.28 Server).
Another thing one needs to know is that it takes a bit of time for the changes in the Apache Directives field to take effect.

regards, Tom