Apache2 / .htaccess how to enable it?

[Axeia]

So I want to enable .htaccess files which for some (probably security related) reason is disabled.

I found this site claiming to have the solution and executed the following commands as root.

• a2enmod rewrite (it put rewrite at the end of APACHE_MODULES)
• rcapache2 restart (instead of /etc/init.d/apache2 restart)

(tried to do the "run SuSEconfig to update the apache configuration files" .. but suseconfig isn't an existing command it seems)

Result: Nothing.

So I kept looking and found some post about about the same problem and thought bingo.. that must be the solution...

So I edited /etc/apache2/httpd.conf to look like this:

PHP Code:

RewriteEngine On
# forbid access to the entire filesystem by default
<Directory />
    Options None
    AllowOverride All
    Order deny, allow
    Deny from all
</Directory> 


Restarted Apache2

Result: Nothing again.

So what's going on? how do I enable it.. and how many steps did I take for nothing and might even have to undo?


[edit]:
I tested by making a test directory file with a bunch of files and a .htaccess file who's contents are: (which should give an error of sort as I understand it)

Code:

Options +Indexes 
dsadsad
IndexOptions +FancyIndexing
hjvbhjvjhvjv

I'm getting the result:

Access forbidden!

You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.

If you think this is a server error, please contact the webmaster.
Error 403
82.169.45.174
Sat Dec 27 23:40:03 2008
Apache/2.2.10 (Linux/SUSE)

(index.php is read if it's in the dir so can't imagine it's a permissions problem)

[erikro]

Hi,

add this:

Code:

# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

to your httpd.conf.

hth

Greetings Erik

[ken_yap]

If you grep in the directory /etc/apache2 there are several other instances of AllowOverride, particularly one on /srv/www/htdocs which is still in effect.

To do this safely, you should specify which directories you should AllowOverride, like this:

Code:

<Directory /srv/www/htdocs/myapp>
  AllowOverride All
</Directory>

Erik's suggestion for protection against fetching .htaccess is also already active if you have a look at httpd.conf.

[Axeia]

Ye quite sure Eriks piece of code is in the httpd.conf file already. Turns out that default-server.conf is the one to blame. It has the more specific /srv/www/htdocs/ dir in it that ken_yap described. Found it manually instead of trough grep though.. too late to be looking up examples of how grep works .

Thought I tried that out earlier in my own http.conf.local.. but maybe I made a typo as I put the following in my httpd.local.conf

Code:

<Directory "/srv/www/htdocs">
    AllowOverride All
</Directory>

and it's finally working
Thanks for the help, hope I'll finally have a productive day tomorrow as I've had enough of the playing around with config files I've been doing lately