OK thanks I realize that now the way he worded it in the forum I thought it was to be part of the apache directives and not a comment and thought I should remove the # sign. So does it appear that all I need to do is edit the main httpd.conf file and enter in

ie: AllowOverride All

or: AllowOverride Limit Indexes

into httpd.conf?

--- On Fri, 9/3/10, Frank Gingras <francois.gingras@xxxxxxxxx> wrote:

> From: Frank Gingras <francois.gingras@xxxxxxxxx>
> Subject: Re: Revisited: 500 internal server error, new problem
> To: users@xxxxxxxxxxxxxxxx
> Date: Friday, September 3, 2010, 5:21 PM
>
> On 03/09/2010 5:20 PM, J Wilson wrote:
> > Actually I may have misunderstood what he was trying to say in the ZC forum.
> >
> > This is what one of the Zen Cart .htaccess file states:
> >
> > # @copyright Copyright 2003-2010 Zen Cart Development Team
> > # @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
> > # @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $
> > #
> > # This is used with Apache WebServers
> > #
> > # The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
> > # It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
> > # Will also prevent people from seeing what is in the dir. and any sub-directories
> > #
> > # For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
> > # Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
> > # Example:
> > #<Directory "/usr/local/apache/htdocs">
> > # AllowOverride Limit Options Indexes
> > #</Directory>
> > ###############################
> >
> > # deny *everything*
> > <FilesMatch ".*">
> > Order Allow,Deny
> > Deny from all
> > </FilesMatch>
> >
> > # but now allow just *certain* necessary files:
> > <FilesMatch ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF)$">
> > Order Allow,Deny
> > Allow from all
> > </FilesMatch>
> >
> > IndexIgnore */*
> >
> > ## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
> > # OPTIONS -Indexes -ExecCGI
> >
> > And this is what the readme docs for the new Zen Cart version states:
> >
> > For added security, Zen Cart™ comes with several .htaccess files already included in various folders to help provide protection against unwanted visitors and even against mis-use of your site in the unfortunate situation of your site being hacked. These protections prevent hackers from using your site as phishing sources.
> > However, for these built-in protections to work, your web hosting server administrator MUST set the AllowOverride directive in the server's apache configuration (the server's master httpd.conf file) to "All" or at least ensure it includes these parameters: 'Limit Indexes'.
> >
> > ie: AllowOverride All
> >
> > or: AllowOverride Limit Indexes
> >
> > (NOTE: You must also add "Options" if uncommenting OPTIONS directives in your .htaccess files)
> >
> > Without these settings, you will likely encounter "500 Internal Server Error" messages when attempting to access various parts of your site, including perhaps the zc_install installer script.
> > Storeowners hosting on Windows Servers using IIS instead of Apache may need to remove the .htaccess files and rework them into suitable equivalents within your IIS configuration. See Microsoft's IIS website for specific assistance.
> >
> > So from what I am understanding now, all I need to do is to edit httpd.conf and add in the block:
> >
> > ie: AllowOverride All
> >
> > or: AllowOverride Limit Indexes
> >
> > and not add any entries into my conf.d apache config files for the domain(s) in question?
> >
> > I was thinking that I should substitute <Directory "/usr/local/apache/htdocs"> with the path of the domain that owns that web space and put the directives in all my individual apache config files for those domains running a store, which I did.
> >
> > Now it appears that they are to be left in the .htaccess file and I just edit the main httpd.conf file. Do you get this impression as well?
> >
> > --- On Fri, 9/3/10, Rich Bowen <rbowen@xxxxxxxxxxx> wrote:
> >
> >> From: Rich Bowen <rbowen@xxxxxxxxxxx>
> >> Subject: Re: Revisited: 500 internal server error, new problem
> >> To: users@xxxxxxxxxxxxxxxx
> >> Date: Friday, September 3, 2010, 4:11 PM
> >>
> >> If someone is telling you that "deny *everything*" is valid Apache httpd syntax, you can rest assured that they don't know what they're talking about, and you might want to find support elsewhere.
> >>
> >> Additionally, <Directory> blocks are not permitted in .htaccess files.
> >>
> >> I would strongly encourage you to point this "developer" here, as they might benefit from our help.
> >>
> >> Meanwhile, I would encourage you to read these:
> >>
> >> http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny
> >> http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
> >>
> >>> Only problem is, the developer is now claiming that by taking that one line out, that I may as well take the entire directive set that they recommend out of my conf.d config file for this domain, because that one line if removed, disables all the protections provided in their new .htaccess files that came with Zen Cart. Funny though, I could not get his install scripts to run without all the rest of the directives I left in.
> >>> So anyway he claims that there is a way to configure my Apache 2.2.3 server which would make use of the deny *everything* line in my conf.d file and provide full protection. So I am now wondering what I need to do to set the switch to enable Apache to use this line and provide full protection. Something in the main httpd.conf file?
> >>> He claims that this is out of the scope of their support arena, the server settings that utilize his above suggested (actually required for install) directives.
> >>> Thanks for any advice here.
> >>>
> >>> ---------------------------------------------------------------------
> >>> The official User-To-User support forum of the Apache HTTP Server Project.
> >>> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >>>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>>
> >> --
> >> Rich Bowen
> >> rbowen@xxxxxxxxxxx
> >
>
> A leading # indicates a comment. Be careful to replicate the configuration lines *exactly* as they are given to you.
>
> Frank
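
The AllowOverride requirement discussed in this thread, as an added example that is not part of the original messages and is not Zen Cart or Apache code: a small Python checker that maps each directive in the quoted .htaccess to the AllowOverride class the Apache 2.2 documentation lists for it, and flags lines that need attention. The function name, the directive table (limited to the directives quoted in the thread) and the sample text are constructed for illustration.

```python
import re

# Override class each directive needs in .htaccess, per the Apache 2.2 docs.
# "ANY" marks directives documented as "Override: All": accepted whenever
# AllowOverride is anything other than None.
REQUIRED = {"order": "Limit", "allow": "Limit", "deny": "Limit",
            "indexignore": "Indexes", "options": "Options",
            "<filesmatch": "ANY"}
FORBIDDEN = {"<directory", "<location", "<virtualhost"}  # never valid in .htaccess

# Constructed sample: the directives of the Zen Cart .htaccess quoted above.
SAMPLE = r'''# deny *everything*
<FilesMatch ".*">
Order Allow,Deny
Deny from all
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF)$">
Order Allow,Deny
Allow from all
</FilesMatch>
IndexIgnore */*
# OPTIONS -Indexes -ExecCGI
'''

def check_htaccess(text, allow_override):
    """Return (line_no, directive, problem) for lines that need attention."""
    granted = {w.lower() for w in allow_override.split()}
    if "none" in granted:
        return [(0, ".htaccess", "ignored entirely: AllowOverride None")]
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # a leading # is a comment
            continue
        name = re.split(r"[\s>]", line, maxsplit=1)[0].lower().replace("</", "<")
        need = REQUIRED.get(name)
        if name in FORBIDDEN:
            problems.append((no, name, "not permitted in .htaccess"))
        elif need is None:
            problems.append((no, name, "not known to this checker"))
        elif name in ("allow", "deny") and not re.match(r"\S+\s+from\s+\S", line, re.I):
            problems.append((no, name, "syntax: expected 'from'"))
        elif need != "ANY" and not {"all", need.lower()} & granted:
            problems.append((no, name, "needs AllowOverride " + need))
    return problems

if __name__ == "__main__":
    for setting in ("AuthConfig", "Limit Indexes", "All"):
        print(setting, "->", check_htaccess(SAMPLE, setting))
```

Apart from the "not known to this checker" entries, a flagged line is one httpd refuses when it parses the .htaccess file, which the client sees as a 500 Internal Server Error.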