Apache2 / .htaccess how to enable it?

Axeia · December 27, 2008, 11:35pm

So I want to enable .htaccess files which for some (probably security related) reason is disabled.

I found this site claiming to have the solution and executed the following commands as root.

a2enmod rewrite (it put rewrite at the end of APACHE_MODULES)*]rcapache2 restart (instead of /etc/init.d/apache2 restart)
(tried to do the “run SuSEconfig to update the apache configuration files” … but suseconfig isn’t an existing command it seems)

Result: Nothing.

So I kept looking and found some post about about the same problem and thought bingo… that must be the solution…

So I edited /etc/apache2/httpd.conf to look like this:

RewriteEngine On
# forbid access to the entire filesystem by default
<Directory />
    Options None
    AllowOverride All
    Order deny, allow
    Deny from all
</Directory>

Restarted Apache2

Result: Nothing again.

So what’s going on? how do I enable it… and how many steps did I take for nothing and might even have to undo?

[edit]:
I tested by making a test directory file with a bunch of files and a .htaccess file who’s contents are: (which should give an error of sort as I understand it)

Options +Indexes 
dsadsad
IndexOptions +FancyIndexing
hjvbhjvjhvjv

I’m getting the result:

Access forbidden!

You don’t have permission to access the requested directory. There is either no index document or the directory is read-protected.

If you think this is a server error, please contact the webmaster.
Error 403
82.169.45.174
Sat Dec 27 23:40:03 2008
Apache/2.2.10 (Linux/SUSE)
(index.php is read if it’s in the dir so can’t imagine it’s a permissions problem)

erikro · December 27, 2008, 11:50pm

Hi,

add this:


# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

to your httpd.conf.

hth

Greetings Erik

ken_yap · December 28, 2008, 12:04am

If you grep in the directory /etc/apache2 there are several other instances of AllowOverride, particularly one on /srv/www/htdocs which is still in effect.

To do this safely, you should specify which directories you should AllowOverride, like this:


<Directory /srv/www/htdocs/myapp>
  AllowOverride All
</Directory>

Erik’s suggestion for protection against fetching .htaccess is also already active if you have a look at httpd.conf.

Axeia · December 28, 2008, 2:12am

Ye quite sure Eriks piece of code is in the httpd.conf file already. Turns out that default-server.conf is the one to blame. It has the more specific /srv/www/htdocs/ dir in it that ken_yap described. Found it manually instead of trough grep though… too late to be looking up examples of how grep works :P.

Thought I tried that out earlier in my own http.conf.local… but maybe I made a typo as I put the following in my httpd.local.conf

<Directory "/srv/www/htdocs">
    AllowOverride All
</Directory>

and it’s finally working
Thanks for the help, hope I’ll finally have a productive day tomorrow as I’ve had enough of the playing around with config files I’ve been doing lately