Closed halojoy closed 1 year ago
You are right. But where did you get that? Which theme or plugin is in use? Since I can't remember the Serendipity generated .htaccess has anything like this.
@halojoy Uihhh ... you certainly mean
<Files *.tpl.php>
deny from all
</Files>
<Files *.tpl>
deny from all
</Files>
<Files *.sql>
deny from all
</Files>
<Files *.inc.php>
deny from all
</Files>
<Files *.db>
deny from all
</Files>
Its very strange I did not get this in all my years...
Could you try and replace each
deny from all
line with this
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
and see how this works, please.
The apache I have is 2.4.52 I have loaded module authz_core_module. It looks as 'Deny from all' no longer is supported.
I will see if I will use your suggested workaround. If so I will post back.
I think we can reduce that to Apache 2.3 syntax. Apache 2.2 is gone.
Thanks again!
Now I have done like you said. And this works well. No internal server error.
` <Files *.tpl.php>
<IfModule !mod_authz_core.c> Order allow,deny Deny from all `
@halojoy
May I ask how you got (or detailly produced) this internal server error after the install? I never had this with Apache 2.4 versions and Serendipity, though I know there were issues on web servers generally when it came to migrations to 2.3+ in the very past.
So maybe this is just an issue with some (default) httpd.conf
settings?
500 Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. C:/Apache24/htdocs/styx413/.htaccess: Invalid command 'deny', perhaps misspelled or defined by a module not included in the server configuration
So, ''Deny from all' is what generates this error in Apache. The install was without error. After this when I clicked to go to website, then was this error.
I tested now with the old .htaccess. Then was the same error. It is obvious Deny from all generates this error.
But if we have the IF you show me in your previous post. We can have both REQUIRED and DENY. This is a good workaround.
Maybe this error is because I use authz_core_mod
Maybe this error is because I use authz_core_mod
Yeah, that may be the initial culprit. Thanks for checking up.,
I still think its safe enough to only use the newer syntax like in my commit for this issue, because presumbly no one is going to install Styx on Apache 2.2.x versions nowadays. :-)
Loadmodule mod_authz_core is default in Apache 2.4.52. Probably in all Apache 2.4. I am almost sure of this.
@halojoy Could you please do me a favour and test having both in the .htaccess file without the mod:auth ifs, please? Then we could add this as the default for a while for all those that still run presumably local old apache versions. Thanks
Like this: (Edit: Strike this example test, its not working)
<Files *.tpl.php>
deny from all
Require all denied
</Files>
<Files *.tpl>
deny from all
Require all denied
</Files>
<Files *.sql>
deny from all
Require all denied
</Files>
<Files *.inc.php>
deny from all
Require all denied
</Files>
<Files *.db>
deny from all
Require all denied
</Files>
No!
I just found out why I didn't have these errors, since I used LoadModule access_compat_module modules/mod_access_compat.so
in my Apache config.
After I disabled this compat mode and running the above test I had the internal server error too.
So we either use the first approach with the ifs or just say that Apache 2.2 syntax is obsolete by now. I am for the latter. :)
Loadmodule mod_authz_core is default in Apache 2.4.52. Probably in all Apache 2.4. I am almost sure of this.
Yes. See: https://en.wikipedia.org/wiki/List_of_Apache_modules
But also _mod_accesscompat, which probably proofes why nobody came up with this in all these years. ;-) So, thanks again for finding this bug!
Yes, mod_access_compat is for this. Or it was in times before. Now in Apache 2.4 the mod_access_compat is not loaded by default.
Serendipity has only Deny Allow in the htaccess! But you now know much better :)
In .htaccess this will not work: Deny from all
Now Should be: Require all denied
The result was an internal server error after the install.