httpd-users mailing list archives

From Frank Gingras <francois.ging...@gmail.com>
Subject Re: [users@httpd] Revisited: 500 internal server error, new problem
Date Fri, 03 Sep 2010 19:54:13 GMT
  On 03/09/2010 3:50 PM, J Wilson wrote:
> OK I have a somewhat related problem with the 500 error issue I was posting about earlier today.
>
> I originally placed these below zen cart recommended directives in my conf.d config file for a site/domain that I am installing the newest version of Zen-Cart – php based shopping cart. The developers claim that this file should be left as is, if I am to receive the protections that their new .htaccess files provide for their php scripts:
>
> <Directory "/home/webspace/www/catalog/includes/">
> AllowOverride Limit Options Indexes
> </Directory>
>
> <Directory "/home/webspace/www/catalog/zc_install/">
> AllowOverride Limit Options Indexes
> </Directory>
>
> deny *everything*
>
> <FilesMatch ".*">
>    Order Allow,Deny
>    Deny from all
> </FilesMatch>
>
> <FilesMatch ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF)$">
>    Order Allow,Deny
>    Allow from all
> </FilesMatch>
>
> IndexIgnore */*
>
> DirectoryIndex index.php
>
> <FilesMatch ".*\..*">
>    Order Allow,Deny
>    Deny from all
> </FilesMatch>
>
> <FilesMatch "(^$|^favicon.ico$|.*\.(php|js|css|jpg|gif|png|html)$)">
>    Order Allow,Deny
>    Allow from all
> </FilesMatch>
>
> IndexIgnore */*
>
>
> However, upon restart, Apache did not like the deny *everything* line and Apache would not restart, so I took that one line out, restarted httpd, and the server restarted fine.
>
> Only problem is, the developer is now claiming that by taking that one line out, that I may as well take the entire directive set that they recommend out of my conf.d config file for this domain, because that one line if removed, disables all the protections provided in their new .htaccess files that came with Zen Cart. Funny though, I could not get his install scripts to run without all the rest of the directives I left in.
>
> So anyway he claims that there is a way to configure my Apache 2.2.3 server which would make use of the deny *everything* line in my conf.d file and provide full protection. So I am now wondering what I need to do to set the switch to enable Apache to use this line and provide full protection. Something in the main httpd.conf file?
>
> He claims that this is out of the scope of their support arena, the server settings that utilize his above suggested (actually required for install) directives.
>
> Thanks for any advice here.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See<URL:http://httpd.apache.org/userslist.html>  for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Hello,

*everything* is not a valid argument for the Deny directive. Please consult the official 
documentation for proper usage.

Having said that, I believe that this line should be a comment to begin with, since the FilesMatch block that follows WILL deny all requests.

Frank
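
An added example, not part of the original message or of Zen Cart's files: a small Python check that reads the first two FilesMatch blocks from the quoted config, flags the `deny *everything*` line as a malformed Deny directive, and works out which file names those blocks let through. It assumes `Order Allow,Deny` throughout and that the last matching section decides, since mod_authz_host in Apache 2.2 does not merge sections; the function names are hypothetical.

```python
import re

# Constructed sample: first two FilesMatch blocks from the quoted message,
# with the stray "deny *everything*" line left in as posted.
SAMPLE = r'''deny *everything*
<FilesMatch ".*">
   Order Allow,Deny
   Deny from all
</FilesMatch>
<FilesMatch ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF)$">
   Order Allow,Deny
   Allow from all
</FilesMatch>
'''

def parse(conf):
    """Return (blocks, errors). errors holds (line number, text) of bad Allow/Deny lines."""
    blocks, errors, current = [], [], None
    for num, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored, as Apache does
        words = line.split()
        opened = re.fullmatch(r'<FilesMatch\s+"(.*)">', line)
        if opened:
            current = {"re": re.compile(opened.group(1)), "allow": False, "deny": False}
        elif line.lower() == "</filesmatch>":
            blocks.append(current)
            current = None
        elif words[0].lower() in ("allow", "deny"):
            # Documented syntax: Allow|Deny from all|host|env=...
            if len(words) < 3 or words[1].lower() != "from":
                errors.append((num, line))
            elif current is not None and words[2].lower() == "all":
                current[words[0].lower()] = True
    return blocks, errors

def allowed(blocks, filename):
    """Access decision for one file name; None if no block matched it."""
    verdict = None
    for block in blocks:
        if block["re"].search(filename):
            # Order Allow,Deny: default is deny, and a Deny match beats an Allow match.
            verdict = block["allow"] and not block["deny"]
    return verdict

if __name__ == "__main__":
    blocks, errors = parse(SAMPLE)
    print("malformed lines:", errors)
    for name in ("application_top.php", "style.css", "backup.css.bak"):
        print(name, "->", "allow" if allowed(blocks, name) else "deny")
```

Prefixing the first sample line with `#` empties the error list and leaves every access decision unchanged.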
