snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

v6.0.0 public/.htaccess uses old rule syntax #11071

Closed vapier closed 2 years ago

vapier commented 2 years ago

Debug mode

Describe the bug

with apache-2.4.53 and snipeit-6.0.0:

$ tail -n1 /var/log/apache2/error.log
[Fri May 13 20:13:37.406524 2022] [core:alert] [pid 394] [client ...:43204] /var/www/snipe-it/public/.htaccess: Invalid command 'Deny', perhaps misspelled or defined by a module not included in the server configuration

Reproduction steps

  1. use apache-2.4
  2. install snipeit-6.0.0
  3. fail

Expected behavior

do not fail

Snipe-IT Version

6.0.0

Operating System

Debian Linux

Web Server

apache

PHP Version

7.8

snipe commented 2 years ago

I don't know what this means. We haven't changed the htaccess syntax in ages.

snipe commented 2 years ago

If you have a fix for this, we'd happily look at a PR, but we have to make sure it degrades well for older versions of Apache.

vapier commented 2 years ago

it means v6.0.0 is broken on apache-2.4 as the error log shows. the broken change doesn't exist in the 5.x series, it was merged into the 6.x series. so it's been broken in the 6.x series since commit 494ed3d17aaee68ae885d87948111ab299549094.

compare the use of Require-vs-Deny in the top-level .htaccess and public/.htaccess.

snipe commented 2 years ago

We'd welcome a PR to resolve this issue.

snipe commented 2 years ago

If you install access_compat_module it should work again.

bby-bishopclark commented 2 years ago

consider

<Files "web.config">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from All
  </IfModule>
</Files>

It's a common format for sussing versions.
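
A check for the failure reported in this thread, as an added example that is not part of the original comments or the project's code: it scans `.htaccess` text for Apache 2.2 access directives (`Order`, `Allow`, `Deny`, `Satisfy`) that sit outside an `<IfModule>` guard and would raise "Invalid command" on Apache 2.4 without mod_access_compat. The function name, the guard list and the first sample are assumptions constructed for illustration.

```python
import re

# Apache 2.2 access directives; on 2.4 they exist only if mod_access_compat is loaded
LEGACY = {"order", "allow", "deny", "satisfy"}
# <IfModule> tests that keep a stock 2.4 server from parsing legacy directives
SAFE_GUARDS = {"!mod_authz_core.c", "mod_access_compat.c",
               "!authz_core_module", "access_compat_module"}
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")

def find_unguarded_legacy(text):
    """Return [(lineno, line)] for 2.2-style directives outside a safe <IfModule>."""
    stack, hits = [], []  # stack: one bool per open section, True for a safe guard
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            del stack[-1:]  # pop the innermost section; no-op if unbalanced
            continue
        m = OPEN.fullmatch(line)
        if m:
            name, arg = m.group(1).lower(), m.group(2).strip().strip('"').lower()
            stack.append(name == "ifmodule" and arg in SAFE_GUARDS)
        elif line.split()[0].lower() in LEGACY and not any(stack):
            hits.append((n, line))
    return hits
# Constructed sample: 2.2-only syntax with no guard (not the project's actual file)
LEGACY_ONLY = """\
<Files "web.config">
    Order Deny,Allow
    Deny from All
</Files>
"""
# Guarded form as posted in the comment above
GUARDED = """\
<Files "web.config">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from All
  </IfModule>
</Files>
"""
if __name__ == "__main__":
    for label, sample in (("legacy-only", LEGACY_ONLY), ("guarded", GUARDED)):
        print(label, find_unguarded_legacy(sample))
```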

bby-bishopclark commented 2 years ago

> compare the use of Require-vs-Deny in the top-level .htaccess and public/.htaccess.

Silly me -- didn't read it all. Vapier's pointer to https://github.com/snipe/snipe-it/blob/master/.htaccess#L7 is an ideal fix.

snipe commented 2 years ago

@bby-bishopclark I've had a PR open for 3 days for this. https://github.com/snipe/snipe-it/pull/11072 - just waiting on someone who uses apache to test.

bby-bishopclark commented 2 years ago

is THAT all?!? Let me check my dev box.

Good news and bad news:

# rpm -qa snipe-it httpd
snipe-it-5.3.10-2.el8.noarch
httpd-2.4.37-43.module+el8.5.0+747+83fae388.3.x86_64

Apache here, but I can't get a newer snipe-it into the system until I update the package, and there was a minor change after 5.3.10 that is hosing the build test; ownership or something. It's only a coupla days, maybe, but it's gonna be a coupla days.

snipe commented 2 years ago

@bby-bishopclark just noticed this - where is that snipe-it RPM coming from? We don't build an RPM for this, so curious where you found that or if you're building it yourself?

bby-bishopclark commented 2 years ago

> @bby-bishopclark just noticed this - where is that snipe-it RPM coming from?

We talked about this before. An RPM is not on the project's radar, but crucial for adoption at my site, so yeah. I used to do it full-time for OpenLinux, so it was almost no big deal.

snipe commented 2 years ago

I don't recall talking to you about it, but I believe you. I talk to a lot of people here. Literally thousands.

snipe commented 2 years ago

So if nobody is willing to test this, I can't merge it. I closed the PR, but will re-add if anyone can confirm this works.

vapier commented 2 years ago

on the other hand, you can't break more what is already broken

bby-bishopclark commented 2 years ago

Sorry, but I can't test. It appears v6 made a dependency leap and leapt right out of EL7 support. My packaging effort - and thus upgrades and thus testing - is stalled until I replatform on another EL that has what the project needs. It's probably EL9 since its 10-year support window is only 10% used. TL;DR is I have no v6 installs for the near term.

scranfor commented 2 years ago

I tested on Apache 2.4.41 as shipped in Ubuntu 20.04. Seems to work fine.

vapier commented 2 years ago

commit 157944b77422b3af61f7c3ff9557387940275cd9 fixed it for me with 2.4.54