This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.
Which are the steps to make a .htaccess file work...
The file was working on the previous server (it has some rewrite rules in it), but I can't make it work in Virtualmin Pro.
The .htaccess file is:
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1
I also noticed that if I put those in my server->configure website->Edit Directives it works...
Can you post the associated VirtualHost section from your httpd.conf file?
One of the things we'd be looking for is an "AllowOverride" directive. That needs to be set to an option that has Apache looking for a .htaccess file (for example, "AllowOverride All" can do that).
-Eric
SuexecUserGroup "#1007" "#1005"
ServerName foo.bar
ServerAlias www.foo.bar
DocumentRoot /home/foo.bar/public_html
ErrorLog /home/foo.bar/logs/error_log
CustomLog /home/foo.bar/logs/access_log "combined"
ScriptAlias /cgi-bin/ /home/foo.bar/cgi-bin/
AccessFileName /home/foo.bar/public_html/.htaccess
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory "/home/foo.bar/public_html">
Order Deny,Allow
Allow from all
AllowOverride All
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/foo.bar/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/foo.bar/fcgi-bin/php5.fcgi .php5
Options ExecCGI Includes IncludesNOEXEC Indexes -MultiViews +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^lang_([a-zA-Z]+)/$ /index.php?section=home&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&lang=$1
RewriteRule ^lang_([a-zA-Z]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)/([a-zA-Z0-9\-_.]+)\.html$ /index.php?section=$2&category=$3&option=$4&lang=$1
</Directory>
<Directory /home/foo.bar/cgi-bin>
allow from all
</Directory>
RemoveHandler .php
RemoveHandler .php5
IPCCommTimeout 31
LogLevel debug
You need to set the open_basedir, else users can look into folders of other users and steal passwords and such.
Something like (depending on your install):
php_admin_value open_basedir /home/foo.com:/tmp:/usr/lib/php:/usr/local/lib/php
You can use the attached zip to test the environment, but do delete it after use, else it gets indexed and will lure crackers to your server (this happened to me).
I have read that .htaccess should work with suexec/mod_fcgi, but usually one can edit the domain's php.ini.
[file name=test2-2a8fe2235a424e6759cc70fc7a49acae.zip size=44665]http://www.virtualmin.com/components/com_fireboard/uploaded/files/test2-...
Nice code!!! But I'm not running it!!!
The "AllowOverride All" should let you work with .htaccess files if mod_rewrite is also loaded. However, I have heard through the grapevine that editing php.ini would be a better option as opposed to .htaccess when running mod_fcgi. People are more used to .htaccess, that is true.
..
When I uploaded the test2.php file to a server and called it in the browser, I was able to go up in the directory and look inside the servers of other owners under /home (and higher for that matter).
If you have more users on your system, I take it you want to prevent this, as a user can go into /home/otheruser/.usermin/mailbox/inbox.imap and see the password of that user (then log in and do damage).
Setting the open_basedir directive will prevent this, as any user is then "limited" to his own environment, as it should be.
Not setting the directive is a major security issue.
You can add this in the server template-apache website like so:
php_admin_value open_basedir ${HOME}:/tmp:/usr/lib/php:/usr/local/lib/php
or perhaps use ${DOM} or ${USER}, you'll have to test
my 2 cents
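A static check for the open_basedir advice in this thread, as an added example that is not code from any poster or from Virtualmin: it flags a vhost whose open_basedir list contains a parent of the domain's home, and notes that under fcgid (as in the VirtualHost posted above) php_admin_value, a mod_php directive, is not where the FastCGI PHP process takes its settings from. The sample config, the function names and the /home/<domain>/public_html layout are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample, modelled on the VirtualHost posted in this thread,
# with an overly broad open_basedir added for the demonstration.
SAMPLE_VHOST = """\
DocumentRoot /home/foo.bar/public_html
AddHandler fcgid-script .php
php_admin_value open_basedir /home:/tmp:/usr/lib/php
"""

def _directive(conf, pattern):
    """Return the first argument of a directive, or None if it is absent."""
    m = re.search(r"^\s*" + pattern + r"\s+\"?([^\"\s]+)", conf, re.M | re.I)
    return m.group(1) if m else None

def audit_open_basedir(conf):
    """Return a list of findings about PHP file confinement for one vhost."""
    root = _directive(conf, "DocumentRoot")
    if root is None:
        return ["no DocumentRoot found"]
    docroot = PurePosixPath(root)
    home = docroot.parent  # assumption: /home/<domain>/public_html layout
    value = _directive(conf, r"php_admin_value\s+open_basedir")
    if value is None:
        return ["open_basedir not set in this vhost"]
    findings = []
    # Only the first AddHandler line is inspected (enough for this sample).
    if _directive(conf, "AddHandler") == "fcgid-script":
        findings.append("fcgid in use: php_admin_value is a mod_php directive, "
                        "set open_basedir in the domain's php.ini instead")
    allowed = [PurePosixPath(p) for p in value.split(":") if p]
    if not any(a == docroot or a in docroot.parents for a in allowed):
        findings.append("DocumentRoot is outside open_basedir")
    for a in allowed:
        if a in home.parents:  # e.g. /home or / also covers every other user
            findings.append(f"{a} is a parent of {home}: other homes stay readable")
    return findings

if __name__ == "__main__":
    for finding in audit_open_basedir(SAMPLE_VHOST):
        print("-", finding)
```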