httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Wilson <troyinfor...@yahoo.com>
Subject Re: Re: Re: [users@httpd] 500 internal server error running php application
Date Fri, 03 Sep 2010 16:08:03 GMT
There are two .htaccess.  They are both included in Zen-Cart, these are the .htaccess files
that the apache error logs seem to be having a problem with - this is a newer version of Zen
Cart, I don't remember them being in the older versions I am currently running:




# @copyright Copyright 2003-2010 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively,
except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or
whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters
to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll
need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">
  Order Allow,Deny
  Deny from all
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF)$">
  Order Allow,Deny
  Allow from all
</FilesMatch>

IndexIgnore */*


## NOTE: If you want even greater security to prevent hackers from running scripts in this
folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI
~
~



And the second .htaccess:

#
# @copyright Copyright 2003-2010 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively,
except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or
whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters
to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll
need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">
  Order Allow,Deny
  Deny from all
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch ".*\.(js|css|jpg|JPG|gif|GIF|png|PNG)$">
  Order Allow,Deny
  Allow from all
</FilesMatch>

IndexIgnore */*
~
~
~
~
~


--- On Fri, 9/3/10, james@nixsecurity.org <james@nixsecurity.org> wrote:

> From: james@nixsecurity.org <james@nixsecurity.org>
> Subject: Re: Re: Re: [users@httpd] 500 internal server error running  php application
> To: users@httpd.apache.org
> Date: Friday, September 3, 2010, 11:49 AM
> 
> Could you possibly paste the contents of the .htaccess
> file?
> 
> >---- Original Message ----
> >From: J Wilson <troyinformer@yahoo.com>
> >To: users@httpd.apache.org
> >Sent: Fri, Sep 3, 2010, 11:47 AM
> >Subject: Re: Re: [users@httpd] 500 internal server
> error running php application
> >
> >Error Log:
> >
> >/home/webdir/www/catalog/includes/.htaccess: order not
> allowed here, referer: http://www.mydomain.com/catalog/
> >
> >[Fri Sep 03 11:34:34 2010] [alert] [client
> ip.add.re.ss] /home/webdir/www/catalog/zc_install/.htaccess:
> DirectoryIndex not allowed here, referer: http://www.mydomain.com/catalog/
> >
> >
> >
> >
> >--- On Fri, 9/3/10, james@nixsecurity.org
> <james@nixsecurity.org>
> wrote:
> >
> >> From: james@nixsecurity.org
> <james@nixsecurity.org>
> >> Subject: Re: Re: [users@httpd] 500 internal server
> error running php  application
> >> To: users@httpd.apache.org
> >> Date: Friday, September 3, 2010, 9:39 AM
> >> I'd also take a look at the Apache
> >> error_log to see if there's any indication evident
> there.
> >> Keep in mind that if the PHP code suppresses error
> reporting
> >> (by prefixing expressions with the @ character)
> then nothing
> >> will be reported.
> >>
> >> >---- Original Message ----
> >> >From: Eric Covener <covener@gmail.com>
> >> >To: users@httpd.apache.org
> >> >Sent: Fri, Sep 3, 2010, 9:35 AM
> >> >Subject: Re: [users@httpd] 500 internal server
> error
> >> running php application
> >> >
> >> >On Fri, Sep 3, 2010 at 9:31 AM, chris h <chris404@gmail.com>
> >> wrote:
> >> >> Does a failed PHP script not show
> a PHP error as
> >> well as send a 500 response
> >> >> code?
> >> >>
> >> >
> >> ><fajita> White Screen Of Death, one of
> PHP's
> >> specialties. It is
> >> >produced when an error has occurred in a PHP
> script and
> >> the error
> >> >               
> >>        reporting goes either to the
> >> error log or to
> >> >nowhere. To solve it, look for the error
> reporting
> >> settings in php.ini
> >> >(or use
> >> >               
> >>        ini_set()). Also check the
> >> error log (see step
> >> >one). Further questions MUST GO TO ##PHP.
> >> >
> >> >
> >> >--
> >> >Eric Covener
> >> >covener@gmail.com
> >> >
> >>
> >---------------------------------------------------------------------
> >> >The official User-To-User support forum of the
> Apache
> >> HTTP Server Project.
> >> >See <URL:http://httpd.apache.org/userslist.html> for more
> >> info.
> >> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >   "   from the digest:
> >> users-digest-unsubscribe@httpd.apache.org
> >> >For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >>
> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the
> Apache HTTP
> >> Server Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more
> >> info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >
> >
> >
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache
> HTTP Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


      


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message