I can't get .htaccess file to work

12 posts / 0 new
Last post
#1 Mon, 06/30/2008 - 03:45
freddo

I can't get .htaccess file to work

Which are the steps to make a .htaccess file to work... the file was working on the previous server (has some rewrite rules in it) but I can't make it work in virtualmin pro.

Sun, 06/07/2009 - 07:25
freddo

The .htaccess file is:
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1

I also noticed that if I put those in my server->configure website->Edit Directives it work...

Sun, 06/07/2009 - 07:25
freddo

The .htaccess file is:
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1

I also noticed that if I put those in my server->configure website->Edit Directives it work...

Mon, 06/30/2008 - 15:53
andreychek

Can you post the associated VirtualHost section from your httpd.conf file?

One of the things we'd be looking for is an "AllowOverride" directive. That needs to be set to an option that has Apache looking for a .htaccess file (for example, "Allowoverride All" can do that).
-Eric

Sun, 06/07/2009 - 07:25
freddo

The .htaccess file is:
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1

I also noticed that if I put those in my server->configure website->Edit Directives it work...

Sun, 06/07/2009 - 07:25
freddo

SuexecUserGroup "#1007" "#1005"
ServerName foo.bar
ServerAlias www.foo.bar
DocumentRoot /home/foo.bar/public_html
ErrorLog /home/foo.bar/logs/error_log
CustomLog /home/foo.bar/logs/access_log "combined"
ScriptAlias /cgi-bin/ /home/foo.bar/cgi-bin/
AccessFileName /home/foo.bar/public_html/.htaccess
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory "/home/foo.bar/public_html">
Order Deny,Allow
Allow from all
AllowOverride All
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/foo.bar/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/foo.bar/fcgi-bin/php5.fcgi .php5
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1
</Directory>
<Directory /home/foo.bar/cgi-bin>
allow from all
</Directory>
RemoveHandler .php
RemoveHandler .php5
IPCCommTimeout 31
LogLevel debug

Sun, 06/07/2009 - 07:25
freddo

The .htaccess file is:
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1

I also noticed that if I put those in my server->configure website->Edit Directives it work...

Tue, 07/01/2008 - 03:44
ronald
ronald's picture

you need to set the open_basedir, else users can look into folders of other users and steal passwords and such

something like (depending on your install):
php_admin_value open_basedir /home/foo.com:/tmp:/usr/lib/php:/usr/local/lib/php

you can use the attached zip to test the environment, but do delete it after use else it get indexed and will lure crackers to your server (this happened to me)

I have read that .htaccess should work with suexec/mod_fcgi but usually one can edit the domains php.ini [file name=test2-2a8fe2235a424e6759cc70fc7a49acae.zip size=44665]http://www.virtualmin.com/components/com_fireboard/uploaded/files/test2-...

Sun, 06/07/2009 - 07:25
freddo

The .htaccess file is:
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1

I also noticed that if I put those in my server->configure website->Edit Directives it work...

Tue, 07/01/2008 - 05:43
freddo

nice code!!! but i'm not running it!!!

Sun, 06/07/2009 - 07:25
freddo

The .htaccess file is:
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1

I also noticed that if I put those in my server->configure website->Edit Directives it work...

Sun, 06/07/2009 - 07:25
ronald
ronald's picture

The "AllowOverride All" should let you work with .htaccess files if also mod_rewrite is loaded. However I have heard through the grapevine that editing php.ini would be a better option as apposed to .htaccess when running mod_fcgi. People are more used to .htaccess that is true.

..
when i uploaded the test2.php file to a server and called it in the browser, I was able to go up in the directory and look inside the servers of other owners under /home (and higher for that matter)

If you have more users on your system I take it you want to prevent this as a user can go into /home/otheruser/.usermin/mailbox/inbox.imap and see the password of that user (then login and do damage).

setting the open_basedir directive will prevent this as any user is then "limited" to his own environment as it should be.
Not setting the directive is a major security issue.

You can add this in the server template-apache website like so:
php_admin_value open_basedir ${HOME}:/tmp:/usr/lib/php:/usr/local/lib/php or per haps use ${DOM} or ${USER}, you'll have to test

my 2 cents

Topic locked