roots / sage

WordPress starter theme with Laravel Blade components and templates, Tailwind CSS, and a modern development workflow
https://roots.io/sage/
MIT License
12.72k stars 3.06k forks

The .htaccess overwriting issue for #276

Closed netm closed 12 years ago

netm commented 12 years ago

Hi there,

I have been using Ver 3.6.0 up to now to create child themes for clients. As of yesterday for some reason I can not fathom several of my sites have developed the 500 error, .htaccess problem.

Firstly - I figured I'd be best to upgrade to the latest version, but it seems that no longer has the theme options and support for the 960 framework. I have been remiss in not visiting the site for a while but even now can not find any "news" section that might keep people abreast of changes. I must be missing something.

Secondly - I had a look and found the issue here for the .htaccess issue but I think the fix is too 'new' for my 'old' version.

Sooo....

  1. Does anybody know how to patch 3.6 for the 500 .htaccess thing?
  2. Is 960 - er - gone burger - or am I missing something there?

This may not be the place for me to ask this but couldn't find anywhere else.

:-)

retlehs commented 12 years ago

the news section is basically https://github.com/retlehs/roots/commits/master + the changelog

copy over the current roots-htaccess.php & h5bp-htaccess files and your problems should be fixed

960 (and all frameworks besides bootstrap) was removed along with the theme options and more with 3c3b71fac02f117632c3e446b1d43248dfe814f3

netm commented 12 years ago

Hi Ben,

Thanks so much for the reply.

I have done as you suggest but the problem persists, on entering wp-admin it rewrites .htaccess and takes the site down.

Any advice appreciated,

Gwilym Griffith-Jones

retlehs commented 12 years ago

can you upload your htaccess?

netm commented 12 years ago

Hi there - .htaccess below...thanks so much for even thinking about this :-)

(empty line)

BEGIN WordPress

RewriteEngine On
RewriteBase _http://historicplacesaotearoa.org.nz/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . _http://historicplacesaotearoa.org.nz/index.php [L]

(empty line)

END WordPress

Gwilym Griffith-Jones

netm commented 12 years ago

This .htaccess is also automatically written in and breaks the site...Oh man why does it format this so badly?

Options -MultiViews
ErrorDocument 404 //wp-content/themes/102983.php

BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Apache configuration file

httpd.apache.org/docs/2.2/mod/quickreference.html

Note .htaccess files are an overhead, this logic should be in your Apache config if possible

httpd.apache.org/docs/2.2/howto/htaccess.html

Techniques in here adapted from all over, including:

Kroc Camen: camendesign.com/.htaccess

perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

Sample .htaccess file of CMS MODx: modxcms.com

If you run a webserver other than apache, consider:

github.com/paulirish/html5-boilerplate-server-configs

----------------------------------------------------------------------

Better website experience for IE users

----------------------------------------------------------------------

Force the latest IE version, in various cases when it may fall back to IE7 mode

github.com/rails/rails/commit/123eb25#commitcomment-118920

Use ChromeFrame if it's installed for a better experience for the poor IE folk

Header set X-UA-Compatible "IE=Edge,chrome=1"
# mod_headers can't match by content-type, but we don't want to send this header on *everything*...
Header unset X-UA-Compatible

----------------------------------------------------------------------

Cross-domain AJAX requests

----------------------------------------------------------------------

Serve cross-domain ajax requests, disabled.

enable-cors.org

code.google.com/p/html5security/wiki/CrossOriginRequestSecurity

Header set Access-Control-Allow-Origin "*"

----------------------------------------------------------------------

Webfont access

----------------------------------------------------------------------

Allow access from all domains for webfonts.

Alternatively you could only whitelist your

subdomains like "subdomain.example.com".

<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">

Header set Access-Control-Allow-Origin "*"

----------------------------------------------------------------------

Proper MIME type for all files

----------------------------------------------------------------------

JavaScript

Normalize to standard type (it's sniffed in IE anyways)

tools.ietf.org/html/rfc4329#section-7.2

AddType application/javascript js

Audio

AddType audio/ogg oga ogg
AddType audio/mp4 m4a

Video

AddType video/ogg ogv
AddType video/mp4 mp4 m4v
AddType video/webm webm

SVG.

Required for svg webfonts on iPad

twitter.com/FontSquirrel/status/14855840545

AddType image/svg+xml svg svgz
AddEncoding gzip svgz

Webfonts

AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttf ttc
AddType font/opentype otf
AddType application/x-font-woff woff

Assorted types

AddType image/x-icon ico
AddType image/webp webp
AddType text/cache-manifest appcache manifest
AddType text/x-component htc
AddType application/x-chrome-extension crx
AddType application/x-xpinstall xpi
AddType application/octet-stream safariextz
AddType text/x-vcard vcf

----------------------------------------------------------------------

Gzip compression

----------------------------------------------------------------------

# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
FilterDeclare COMPRESS
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject
FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf
FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype
FilterChain COMPRESS
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
# Legacy versions of Apache
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype

----------------------------------------------------------------------

Stop screen flicker in IE on CSS rollovers

----------------------------------------------------------------------

The following directives stop screen flicker in IE on CSS rollovers - in

combination with the "ExpiresByType" rules for images (see above). If

needed, un-comment the following rules.

BrowserMatch "MSIE" brokenvary=1

BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1

BrowserMatch "Opera" !brokenvary

SetEnvIf brokenvary 1 force-no-vary

----------------------------------------------------------------------

Cookie setting from iframes

----------------------------------------------------------------------

Allow cookies to be set from iframes (for IE only)

If needed, uncomment and specify a path or regex in the Location directive

Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""

----------------------------------------------------------------------

Prevent SSL cert warnings

----------------------------------------------------------------------

Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent

https://www.example.com when your cert only allows https://secure.example.com

Uncomment the following lines to use this feature.

RewriteCond %{SERVER_PORT} !^443

RewriteRule ^ https://example-domain-please-change-me.com%{REQUEST_URI} [R=301,L]

----------------------------------------------------------------------

Prevent 404 errors for non-existing redirected folders

----------------------------------------------------------------------

without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist

e.g. /blog/hello : webmasterworld.com/apache/3808792.htm

Options -MultiViews

----------------------------------------------------------------------

UTF-8 encoding

----------------------------------------------------------------------

Use UTF-8 encoding for anything served text/plain or text/html

AddDefaultCharset utf-8

Force UTF-8 for a number of file formats

AddCharset utf-8 .html .css .js .xml .json .rss .atom

----------------------------------------------------------------------

A little more security

----------------------------------------------------------------------

Do we want to advertise the exact version number of Apache we're running?

Probably not.

This can only be enabled if used in httpd.conf - It will not work in .htaccess

ServerTokens Prod

"-Indexes" will have Apache block users from browsing folders without a default document

Usually you should leave this activated, because you shouldn't allow everybody to surf through

every folder on your server (which includes rather private places like CMS system folders).

Options -Indexes

Block access to "hidden" directories whose names begin with a period. This

includes directories used by version control systems such as Subversion or Git.

RewriteRule "(^|/)\." - [F]

If your server is not already configured as such, the following directive

should be uncommented in order to set PHP's register_globals option to OFF.

This closes a major security hole that is abused by most XSS (cross-site

scripting) attacks. For more information: http://php.net/register_globals

#

IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :

#

Your server does not allow PHP directives to be set via .htaccess. In that

case you must make this change in your php.ini file instead. If you are

using a commercial web host, contact the administrators for assistance in

doing this. Not all servers allow local php.ini files, and they should

include all PHP configurations (not just this one), or you will effectively

reset everything to PHP defaults. Consult www.php.net for more detailed

information about setting PHP directives.

php_flag register_globals Off

Rename session cookie to something else, than PHPSESSID

php_value session.name sid

Do not show you are using PHP

Note: Move this line to php.ini since it won't work in .htaccess

php_flag expose_php Off

Level of log detail - log all errors

php_value error_reporting -1

Write errors to log file

php_flag log_errors On

Do not display errors in browser (production - Off, development - On)

php_flag display_errors On

Do not display startup errors (production - Off, development - On)

php_flag display_startup_errors Off

Format errors in plain text

Note: Leave this setting 'On' for xdebug's var_dump() output

php_flag html_errors Off

Show multiple occurrence of error

php_flag ignore_repeated_errors Off

Show same errors from different sources

php_flag ignore_repeated_source Off

Size limit for error messages

php_value log_errors_max_len 1024

Don't precede error with string (doesn't accept empty string, use whitespace if you need)

php_value error_prepend_string " "

Don't prepend to error (doesn't accept empty string, use whitespace if you need)

php_value error_append_string " "

Increase cookie security

php_value session.cookie_httponly true

END WordPress

retlehs commented 12 years ago

Options -MultiViews is commented out by default. either you aren't using roots or you're not using anywhere near the latest version

see https://github.com/retlehs/roots/blob/master/inc/h5bp-htaccess / https://github.com/retlehs/roots/blob/master/inc/h5bp-htaccess#L423

also, you need to use markdown to properly insert code into these comments.
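
Added example, not part of the thread or of the Roots code: a small Python check for three kinds of directive that can make Apache return a 500 from a per-directory file, each of which appears in the files posted above (a `RewriteBase` whose argument is not a URL-path beginning with `/`, `ServerTokens`, and `php_flag`/`php_value` with no `<IfModule>` guard). The function name `lint_htaccess` and the sample file, including the host `example.test`, are constructed for illustration.

```python
import re

SERVER_ONLY = {"servertokens"}            # valid in the server config only
PHP_DIRECTIVES = {"php_flag", "php_value"}  # need mod_php to be recognised

# Constructed sample, not the poster's file.
SAMPLE = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase http://example.test/
RewriteRule ^index\.php$ - [L]
</IfModule>
# END WordPress
# ServerTokens Prod
ServerTokens Prod
<IfModule mod_php5.c>
php_flag display_errors Off
</IfModule>
php_value session.name sid
"""


def lint_htaccess(text):
    """Return (line_no, message) for directives likely to cause a 500."""
    findings = []
    guards = []  # stack of open <IfModule ...> arguments, lower-cased
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives are inert
        opened = re.match(r"<IfModule\s+([^>]+)>", line, re.I)
        if opened:
            guards.append(opened.group(1).strip().lower())
            continue
        if re.match(r"</IfModule>", line, re.I):
            if guards:
                guards.pop()
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        php_guarded = any("php" in g and not g.startswith("!") for g in guards)
        if name == "rewritebase" and not arg.startswith("/"):
            findings.append((no, "RewriteBase is not a URL-path: " + arg))
        elif name in SERVER_ONLY:
            findings.append((no, parts[0] + " is not allowed in .htaccess"))
        elif name in PHP_DIRECTIVES and not php_guarded:
            findings.append((no, parts[0] + " outside an <IfModule> PHP guard"))
    return findings


if __name__ == "__main__":
    for no, msg in lint_htaccess(SAMPLE):
        print(f"line {no}: {msg}")
```

Run it against a copy of the live `.htaccess` before and after visiting wp-admin to see which flagged lines the rewrite introduces.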