Topic: htaccess on SME7

[arch-stanton]

Hello,

I have started to use the SME7 Beta8, I have searched the forums and contrib’s  and I have managed to install phpmyadmin, everything is working fine with the exception of htaccess.

I am installing Mambo/Joomla and to have the CMS search engine friendly I must use their .htaccess file to invoke the module_rewrite.

After searching I found this RPM “e-smith-htaccess-1.1-2.noarch.rpm” however, when I install this rpm I get a HTTP ERROR “You are not authorised to view this page”

When I remove the rpm the error is gone.

Can anybody give me some pointers on how to get htaccess working.

Thanks in advance

[raem]

arch-stanton

Search here for a htaccess HOWTO, type htaccess in the search window at top right corner and look at web links.
I'm not sure if it works on sme 7beta, but the concepts are the same.

Let me know your results.

[djhomeless]

Hi Ray,
I'm also using SME7b8 but this contrib will not install. I'm not sure if this is the sort of thing that should be reported to the bug tracker?

I've used this contrib previously with 6.x and 6.5. I basically need it to enable mod_rewrite for Joomla and Wordpress.

thanks in advance,

Geoffrey

[raem]

djhomeless

> I'm also using SME7b8 but this contrib will not install.

Re e-smith-htaccess-1.1-2.noarch.rpm
You should really track down the author of that contrib rpm and report it to him/her. Look inside the rpm for possible author details.


Note that my HOWTO and the contrib rpm are different things.
If you follow the steps outlined in the HOWTO to create a custom template you do not need the rpm contrib.

I have not proven the HOWTO steps work on 7beta8 though, so let me know if it does or doesn't.

[bmph8ter]

Not to just butt in on this conversation, but can I infer that .htaccess files are not supported by the current 7.x betas out of the box?

Is there any reason for this?  It's something (that to me anyway) seems to be used by lots and lots of people and I (personally) think it would be nice to have it just work.  Some of the PHP settings I've run into and had to change (open_basedir, etc) I can understand from a security standpoint, but not allowing .htaccess by default doesn't make any sense to me.

Perhaps there is somewhere I could read about this design decision and become better informed.  Sorry for hijacking this thread, and developers thanks for all your hard work!

[CharlieBrady]

Not to just butt in on this conversation, but can I infer that .htaccess files are not supported by the current 7.x betas out of the box?

Is there any reason for this?

It's completely unnecessary, because a small custom template fragment will achieve the same result in a more secure fashion.

[bmph8ter]

It's completely unnecessary, because a small custom template fragment will achieve the same result in a more secure fashion.

But is that something that will always be supported?  I try to be cautious about making modifications to my server as I REALLY like it when things like upgrades and security updates go accoring to plan. Thanks for the answer Charlie.

[raem]

Hey bmph8ter

The htaccess HOWTO I wrote was based on a forum post by Charlie Brady.

The whole point of the templating process is that you can make custom changes to your server and if something breaks you can easily return it to it's previous condition.
ie
create custom template fragment, expand template.
delete custom template fragment, expand template.

Try it on sme 7bet8 and let us know the outcome.

http://mirror.contribs.org/smeserver/contribs//rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm

[bmph8ter]

Cool.  Thank you gentlemen very much for your answers.  

[djhomeless]

Hi Ray,
Great HOWTO. Only problem is that it doesn't help me.

My problem is that I'm not using htaccess to restrict access to a directory or file as your HOWTO discusses. I need/use htaccess to implement mod_rewrite on a per-site basis. I run a few sites off my server, and each site uses a different system to manage it. These include Wordpress, Mambo/Joomla, and Gallery (I also used to use Drupal). In each case, the applications have an ability to use Clean URL's ie rewriting a query string to be a nice readable url (ergo something.php?article=12 becomes helloworld.html).

What happens behind the scenes is when you create a new file or entry, the system of choice then writes to the local htaccess file to insert the rule. While your template covers just access rights, I suppose it could also insert re-write rules. However, it would be a bit time consuming because you would have to update the template (and rebuild) every time you created a new page.

I can appreciate that some aspects of using an htaccess file can be a security risk, but this isn't one of those cases. Surely there is a way to globally allow htaccess files?

From my perspective, I would never have a reason to use htaccess to restrict access to a folder or file, and if I did, the template procedure you and Charley wrote seems fairly easy to follow.

My 2 cents,

Geoffrey

[djhomeless]

Does anyone know how to enable htaccess files in SME7? I've tried contacting the author of the contrib but I've received no reply....well, it is the holidays after all!

Thanks,

Geoffrey

[djhomeless]

....it's the simple stuff that gets you.

It's the allowoveride directive in httpd.conf that is restricting the htaccess files. Simply by changing None to All in 90e-smithAccess40ibays (in my custom folder) solves my problem.

However, I wish I knew more about how the SME templating process works as I would prefer to only enable htaccess on an as-need basis. At the moment, out of the 10 domains I host only 2 need mod_rewite.

For me, the risk is minimal because my data is not sensitive, and I don't need to restrict access to a folder. However, others should think twice before enabling it (if its not really needed).

Geoffrey

[arch-stanton]

I used the yum update on SME7 B8 and then reinstalled the, e-smith-htaccess-1.1-2.noarch.rpm

The update seems to have done the trick

.htaccess is now working fine, I’m using it on Joomla with the SEF module enabled, here’s my .htaccess

Code: [Select]


##
# @version $Id: htaccess.txt 1005 2005-11-13 17:33:59Z stingrey $
# @package Joomla
# @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##

Options +FollowSymLinks

#  mod_rewrite in use

RewriteEngine On

#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update YourJoomlaDirectory (just / for root)

# RewriteBase /YourJoomlaDirectory
#  Rules

RewriteCond %{REQUEST_FILENAME} !\.(jpg|jpeg|gif|png|css|js|pl|txt)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php


[/code]

[deunan]

Okays...

I followed RayMitchell's Howto (which was based on Charlie Brady's), and proceeded to create a custom template..

I'm trying to install postnuke with xanthia's shorturls..

Code: [Select]


<Directory /home/e-smith/files/ibays/ibayname/html>

Options FollowSymLinks

RewriteEngine On

# index.php and user.php
RewriteRule ^changelang-([^-]+)\.html$ index.php?newlang=$1 [L,NC,NS]
RewriteRule ^changetheme-([^-]+)\.html$ index.php?theme=$1 [L,NC,NS]
RewriteRule ^index\.html$ index.php [L,NC,NS]
RewriteRule ^user\.html$ user.php [L,NC,NS]


#Lotsa stuff here deleted...

</Directory>

Seems that, when I expand the template, and restarted apache

Code: [Select]


/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/rc7.d/S86httpd-e-smith restart


The whole ibay got locked - 403

Other ibays is okay, except the one specified...

But if I removed RewriteEngine

Code: [Select]

#RewriteEngine On

It's works again, but shorturl doesn't work...

Can someone tell me where did I do wrong?  Or did I omit somethinbg crucial?

I really want to nail this thing...


Sincere regards amd thanks!

[Pacjack]

I used the yum update on SME7 B8 and then reinstalled the, e-smith-htaccess-1.1-2.noarch.rpm

The update seems to have done the trick

Does not work for me :(

I'm using SME Server 7.0rc1

Code: [Select]


# rpm -Uvh http://mirror.contribs.org/smeserver/contribs//nightspirit/e-smith                                           -htaccess/e-smith-htaccess-1.1-2.noarch.rpm
Retrieving http://mirror.contribs.org/smeserver/contribs//nightspirit/e-smith-htaccess/e-smi                                           th-htaccess-1.1-2.noarch.rpm
Preparing...                ########################################### [100%]
   1:e-smith-htaccess       ########################################### [100%]
WARNING in /etc/e-smith/templates-custom//etc/httpd/conf/httpd.conf/90e-smithAccess40ibays: *WARNING* esmith::config(/home/e-smith/accounts) called with old database path. The following package needs to be updated:  at /usr/lib/perl5/site_perl/esmith/config.pm line 374
        esmith::config::TIEHASH('esmith::config', '/home/e-smith/accounts') called at /etc/e-smith/templates-custom//etc/httpd/conf/httpd.conf/90e-smithAccess40ibays line 7
        eval 'package esmith::__TEMPLATE__::1; ;
#line 5 /etc/e-smith/templates-custom//etc/httpd/conf/httpd.conf/90e-smithAccess40ibays
...

;' called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 319
        Text::Template::fill_in('Text::Template=HASH(0x8d37f18)', 'HASH', 'ARRAY(0x8ba1104)', 'PACKAGE', 'esmith::__TEMPLATE__::1', 'BROKEN', 'CODE(0x8d2a9c0)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 382
        Text::Template::fill_in_file('/etc/e-smith/templates-custom//etc/httpd/conf/httpd.conf/90e-...', 'HASH', 'A                                           RRAY(0x8ba1104)', 'PACKAGE', 'esmith::__TEMPLATE__::1', 'BROKEN', 'CODE(0x8d2a9c0)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/site_perl/esmith/templates.pm line 528
        esmith::templates::processTemplate('HASH(0x8a04f4c)') called at /sbin/e-smith/expand-template line 45
WARNING: Template processing succeeded for //etc/httpd/conf/httpd.conf: 1 fragment generated warnings
 at /sbin/e-smith/expand-template line 45


[djhomeless]

You don't really need that contrib if all you want to do is enable mod_rewrite.

Just create a template of 90e-smithAccess40ibays in your custom path and enable allowoveride. As I said above, be warned that this will enable allowoveride for all ibays.

Not to rant here, but I don't understand why this was disabled in the first place. Maybe its a security risk for some, but the choice should ultimately be down to the individual sysadmin.

</rant>

my 2 cents,

Geoffrey

[slords]

why all this talk of a custom template.  Just set the AllowOverride property of the ibay and update it.

# db accounts setprop wordpress AllowOverride All
# signal-event ibay-modify wordpress

That should be all you need to allow htaccess from an ibay named wordpress.

[Pacjack]

why all this talk of a custom template.  Just set the AllowOverride property of the ibay and update it.

Because CharlieBrady once said:

Using .htaccess is definitely less secure. httpd.conf templates are definitely under admin's control. .htaccess files are not, and could have insecure permissions.

[thyeum]

Hi djhomeless,

I've just installed a SME-server box with WordPress, Gallery, and WPG2 and I would like to enable mod_rewrite because all three require it for permalinks.
According to your post it seems easy to do it since you just need to

create a template of 90e-smithAccess40ibays in your custom path and enable allowoveride.

Unfortunately, I am pretty new at all this, and I have no idea how to do that.
A little help would be greatly appreciated.

Both installations of Wordpress and Gallery are in the Primary ibay.

Thanks,

Mathieu

[jameswilson]

Hi all im having the same difficulty i need to enable mod_rewrite for wordpress but when i do

# db accounts setprop wordpress AllowOverride All
# signal-event ibay-modify wordpress

i get 403 errors, i dont understnd what to alter in the template to affect only one ibay but to be honest it would be more use on them all so id like to enable it globally

[raem]

jameswilson

> i get 403 errors

Do you need to use https://....

[jameswilson]

Hi ray no i dont.

Im trying to use .htaccess with mod_rewrite and permalinks with wordpress, i have found with a few rebuilds that if i dont enable the permalinks all is fine, if i enable the permalinks then the urls are requested in the correct way but no content, ie page not found. I assume this is because mod_rewrite isnt rewriting? so i did the above and then things go bad. I get 403 errors all over the ibay. Im assuming its something daft and my limited ability as i have yet to find something sme cant do. Any pointers or help will be great

Thanks Ray

James

[russs]

Don't know if anybody is still interested in this but I am trying to get SSL on my KnowledgeTree install on SME 7.
I found this document about making a template for this;

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm
 
Might be a bit iof an old document now but have a look.
Unfortunately for me, the KnowledgeTree RPM sets it up in the /opt directory so I'm still stuck but though it might help you Guys.

Russ

[jameswilson]

jameswilson

> i get 403 errors

Do you need to use https://....

just double checking and with https i still get 'forbidden errors'

im not trying to get ermissions working etc, and i may be well up the wrong tree then, im just trying to gwt wordpress to work with permalinks ie seo url's. Id like to get seo urls accross a few of my ibays but this one is critical for me.

cheers lads

james

[william_syd]

Don't know if anybody is still interested in this but I am trying to get SSL on my KnowledgeTree install on SME 7.
I found this document about making a template for this;

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm
 
Might be a bit iof an old document now but have a look.
Unfortunately for me, the KnowledgeTree RPM sets it up in the /opt directory so I'm still stuck but though it might help you Guys.

Russ

I have KT3 on SSL

My template..

Code: [Select]


# knowledgetree3
Alias /dms /opt/knowledgetree3
<Directory /opt/knowledgetree3>
    SSLRequireSSL on
    Options -Indexes
    AllowOverride all
    order deny,allow
    deny from all
    allow from all
    Satisfy all
    AddType application/x-httpd-php .php .php3
    php_flag  magic_quotes_gpc  on
    php_flag  track_vars        on
</Directory>




which lives in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf and is called 86dms

If you did a rpm install yours will probably be in /etc/e-smith/templates/etc/httpd/conf/httpd.conf What it will be called I don't know.

[william_syd]

jameswilson

> i get 403 errors

Do you need to use https://....

just double checking and with https i still get 'forbidden errors'

im not trying to get ermissions working etc, and i may be well up the wrong tree then, im just trying to gwt wordpress to work with permalinks ie seo url's. Id like to get seo urls accross a few of my ibays but this one is critical for me.

cheers lads

james

Remove any custom template YOU created.
Remove any .htaccess file in the wordpress ibay.

Then..

Code: [Select]

expand-template /etc/httpd/conf/httpd.conf
db accounts setprop wordpress AllowOverride All
signal-event ibay-modify wordpress

Does wordpress work ? Naturally it will not have SEO.

I have wordpress hosted elsewhere so don't ask me about server details but my .htaccess contains..

Code: [Select]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

My permalinks look like..

Code: [Select]

http://www.magicwilly.webhostingpal.com/2006/10/04/folly/

[jameswilson]

william
Thankyou for helping

Wordpress works untill rewrite engine is turned on then i get forbidden errors

Code: [Select]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress


if i turn rewrite engine off, wordpress works again

I removed as you said .htaccess files and i have no templates i have added to this server. I assume then something else is mising but alas i have no idea what

Many thanks

James

[william_syd]

What I was getting at is with no .htaccess and no custom templates then setting Allowoveride All should not stop wordpress working.

If the above is true than any errors are generated by the syntax of your .htaccess file.

I was not suggesting that you use mine verbatim but to compare it with what you were trying previously. I'm sure RewriteBase / should be more like RewriteBase /ibayname

[jameswilson]

william you are correct if i remove the .htaccess file then it works, or if i edit and turn rewrite off it works

The htaccess file is automatically generated by wordpress and as it happens is the same as the one my wordpress generated, i didnt copy and paste yours.

But as an excersise, i installed wordpress onto another server (managed isp server ) as a test and it worked first time using the generated htaccess file.
Maybe its not mod-rewrite thats the problem, maybe i need soemthing else

lol but what god only knows!

Thanks again

James

[william_syd]

I did a late edit but try RewriteBase /ibayname in your .htaccess

Does the url for your wordpress contain the ibayname at the end ?

[jameswilson]

no it doesnt, it is in the root of the ibay httml folder

[william_syd]

no it doesnt, it is in the root of the ibay httml folder

If the ibay is named blog is it not accessed by http://some.server.name/blog ?

[jameswilson]

i have created an ibay and set a dedicated domain to point to it, so when going to the domain name, obviously sme gets th dats fromthe relavent ibay i presume

[jameswilson]

being daft and not thinking i have only just checked the logs

[Wed Mar 07 12:32:11 2007] [error] [client xxx.xxx.xx.xxx] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/e-smith/files/ibays/test/html/

does that help?

[william_syd]

being daft and not thinking i have only just checked the logs

[Wed Mar 07 12:32:11 2007] [error] [client xxx.xxx.xx.xxx] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/e-smith/files/ibays/test/html/

does that help?

Interesting

Try

Code: [Select]

# db accounts setprop wordpress FollowSymLinks enabled
# signal-event ibay-modify wordpress

wordpress being your ibay name. Looks like test from your log fragment.

BTW.. Bedtime  -Posted: 07 Mar 2007 23:48

[jameswilson]

you hero!!!
dead on the money.

I offered a reward for this so i will send it. paypal? and where?

Thank you so much for your help too, could never have done it without

Many many thanks

James

[jameswilson]

I have donated to the project instead
Many thanks All, especially you william for this and the rest of the team for the main bits

James