Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11860

.htaccess not working for Apache 2.4

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.0.12-RC3
    • Fix Version/s: 3.0.13-RC1, 3.1.0-b3
    • Component/s: None
    • Labels:
      None

      Description

      https://httpd.apache.org/docs/2.4/upgrading.html#run-time

      2.2 configuration:

      Order deny,allow
      Deny from all

      2.4 configuration:

      Require all denied

      So our htaccess needs adjustments

        Activity

        Hide
        bantu Andreas Fischer added a comment - - edited

        The following seems to work for Apache 2.4 and earlier without the compat module, but this is the hack from stackoverflow.

        # Pre Apache 2.4
        <IfModule !mod_authz_core.c>
        	<Files "config.php">
        		Order Allow,Deny
        		Deny from All
        	</Files>
         
        	<Files "common.php">
        		Order Allow,Deny
        		Deny from All
        	</Files>
        </IfModule>
         
        # Apache 2.4 and later
        <IfModule mod_authz_core.c>
                <Files "config.php">
                        Require all denied
                </Files>
         
                <Files "common.php">
                        Require all denied
                </Files>
        </IfModule>
        

        Show
        bantu Andreas Fischer added a comment - - edited The following seems to work for Apache 2.4 and earlier without the compat module, but this is the hack from stackoverflow. # Pre Apache 2.4 <IfModule !mod_authz_core.c> <Files "config.php"> Order Allow,Deny Deny from All </Files>   <Files "common.php"> Order Allow,Deny Deny from All </Files> </IfModule>   # Apache 2.4 and later <IfModule mod_authz_core.c> <Files "config.php"> Require all denied </Files>   <Files "common.php"> Require all denied </Files> </IfModule>
        Hide
        bantu Andreas Fischer added a comment - - edited

        Discussion with Frank Gingras in #httpd:

        [18:58:11] <bantu> Humbedooh, thumbs: This is as far as we are now. https://gist.github.com/bantu/ebc168eca221137b1b54
        [18:58:37] <bantu> The problem to me seems to be that version detection is possible with core features only. But this is non-explicit and a hack.
        [18:58:46] <bantu> This suggests to me that mod_version should be part of core.
        [19:01:26] <thumbs> bantu: should?
        [19:01:46] <thumbs> bantu: I wholeheartely disagree.
        [19:04:14] <bantu> thumbs: and your suggestion for a proper solution is?
        [19:04:32] <thumbs> bantu: separate htaccess files depending on the version of httpd
        [19:04:37] <thumbs> bantu: just like you did!
        [19:04:50] <bantu> where did i do that?
        [19:04:58] <thumbs> bantu: do what, exactly?
        [19:05:35] <bantu> thumbs: This is a single file and it works on Apache 2.2 and Apache 2.4 without the compat module.
        [19:05:40] <bantu> I did not create two files.
        [19:05:47] <thumbs> bantu: or you can use IfModule
        [19:06:05] <thumbs> bantu: so, two different files, or one with IfModule, as you did
        [19:06:12] <bantu> which is what I am doing
        [19:06:19] <bantu> but find it very very unclean
        [19:06:34] <bantu> there is no gurantee that mod_authz_core.c is not added in a later 2.2 version
        [19:06:36] <thumbs> bantu: it's fine.
        [19:11:14] <bantu> thumbs: I am surprise you think checking for mod_authz_core.c is a clean/acceptable solution.
        [19:11:40] <thumbs> bantu: if you want to complain, either the dev mailing list.
        [19:11:51] <thumbs> s/either /either mail /
        [19:11:51] <fajita> thumbs meant: bantu: if you want to complain, either mail the dev mailing list.
        [19:12:50] <thumbs> bantu: whatever you do, continuing this banter in #httpd is not really acceptable.
        [19:14:15] <bantu> banter?
        

        Btw, there is also no guarantee that mod_authz_core.c is not removed or renamed in 2.4 or later.

        Show
        bantu Andreas Fischer added a comment - - edited Discussion with Frank Gingras in #httpd: [18:58:11] <bantu> Humbedooh, thumbs: This is as far as we are now. https://gist.github.com/bantu/ebc168eca221137b1b54 [18:58:37] <bantu> The problem to me seems to be that version detection is possible with core features only. But this is non-explicit and a hack. [18:58:46] <bantu> This suggests to me that mod_version should be part of core. [19:01:26] <thumbs> bantu: should? [19:01:46] <thumbs> bantu: I wholeheartely disagree. [19:04:14] <bantu> thumbs: and your suggestion for a proper solution is? [19:04:32] <thumbs> bantu: separate htaccess files depending on the version of httpd [19:04:37] <thumbs> bantu: just like you did! [19:04:50] <bantu> where did i do that? [19:04:58] <thumbs> bantu: do what, exactly? [19:05:35] <bantu> thumbs: This is a single file and it works on Apache 2.2 and Apache 2.4 without the compat module. [19:05:40] <bantu> I did not create two files. [19:05:47] <thumbs> bantu: or you can use IfModule [19:06:05] <thumbs> bantu: so, two different files, or one with IfModule, as you did [19:06:12] <bantu> which is what I am doing [19:06:19] <bantu> but find it very very unclean [19:06:34] <bantu> there is no gurantee that mod_authz_core.c is not added in a later 2.2 version [19:06:36] <thumbs> bantu: it's fine. [19:11:14] <bantu> thumbs: I am surprise you think checking for mod_authz_core.c is a clean/acceptable solution. [19:11:40] <thumbs> bantu: if you want to complain, either the dev mailing list. [19:11:51] <thumbs> s/either /either mail / [19:11:51] <fajita> thumbs meant: bantu: if you want to complain, either mail the dev mailing list. [19:12:50] <thumbs> bantu: whatever you do, continuing this banter in #httpd is not really acceptable. [19:14:15] <bantu> banter? Btw, there is also no guarantee that mod_authz_core.c is not removed or renamed in 2.4 or later.
        Hide
        Kostenloses-Forum Kostenloses-Forum added a comment -

        If it helps drupal has the same problem: https://drupal.org/node/1599774

        Show
        Kostenloses-Forum Kostenloses-Forum added a comment - If it helps drupal has the same problem: https://drupal.org/node/1599774
        Show
        bantu Andreas Fischer added a comment - WIP: https://github.com/bantu/phpbb3/compare/phpbb:develop-olympus...bantu:ticket/11860
        Hide
        bantu Andreas Fischer added a comment - - edited

        Could further add support for ModRewrite

        Show
        bantu Andreas Fischer added a comment - - edited Could further add support for ModRewrite

          People

          • Assignee:
            bantu Andreas Fischer
            Reporter:
            nickvergessen Joas Schilling
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development