My service provider's .htaccess file

#82819 (In Topic #17262)

Fan in action


My Service Provider puts a .htaccess file in the site directory.

I get an internal server error whenever I try to edit my ocportal site.

I've tried renaming the recommended and plain .htaccess file - no luck.

I'm wondering if maybe ocPortal's .htaccess file needs any setting from the ISP's version below?

Thanks,
Nick

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName bluejade.za.net
AuthUserFile /home/bluejghu/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/bluejghu/public_html/_vti_pvt/service.grp



 

#82824

Community saint

Try adding the auth stuff to recommended .htaccess.

I've had strange problems in the past when my site was password protected.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
#82825

Community saint

temp1024 said

Try adding the auth stuff to recommended .htaccess.

I've had strange problems in the past when my site was password protected.

I've had weird stuff happen too. I usually just go into cPanel and update the password for the directory. That always seems to fix it.

Bob
#82880

Fan in action

Thanks Bobs and Temp1024,

I tried both of your suggestions. In the meantime my service provider (Afrihost) has replied as well.

My concern is Afrihost's last paragraph :

The PHP handler on the server is "fcgi". You can't change PHP settings via ".htaccess" file. All the PHP related settings should be changed via "php.ini" file and the file should be present under the directory "/home/sjkrufio" (Home directory of the domain). Please let me know if you want to change any of the PHP variable values.

This sounds like a problem to me ... I recall Chris said something about php.ini files somewhere ...

Another point Afrihost raised was mod_security restrictions - here is their email :


Dear Nick,

I have analyzed the error logs and found that the error was caused due to mod_security restrictions. Please refer to the log file entries below.

=========
[Wed Apr 04 12:45:42 2012] [error] [client 41.174.54.107] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(ht|f)tps?:/" at ARGS:redirect. [file "/usr/local/afribin/apache/mod_security/apache2/rules.conf"] [line "155"] [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"] [hostname "www.sjkruger.co.za"] [uri "/index.php"] [unique_id "T3wmVsQmKHsAAAPVSqcAAAAF"]
[Wed Apr 04 12:45:42 2012] [error] [client 41.174.54.107] File does not exist: /home/sjkrufio/public_html/500.shtml, referer:http://www.sjkruger.co.za/

{'severity': 'CRITICAL', 'timestamp': '', 'hostname': 'www.sjkruger.co.za', 'rev': '3', 'uri': '/index.php', 'client': '41.174.54.107] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(ht|f)tps?:/" at ARGS:redirect. [file "/usr/local/afribin/apache/mod_security/apache2/rules.conf', 'error': 'error', 'msg': 'Generic PHP code injection protection via ARGS', 'line': '155', 'id': '300018', 'unique_id': 'T3wmVsQmKHsAAAPVSqcAAAAF'}
Last violation: 340147 (Atomicorp.com WAF Rules: Generic XSS filter) at http://www.metcash.co.za/Scriptperience to you. We are committed to satisfying all our customer requirements through superior service and consistently supplying quality products at competitive prices.</p><p class=
=========

'mod_security' is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. The mod_security rules with the ids "300018" and "340147" were preventing the URL access as it tried to violate the rules. We have excluded the rules for the domain so as to fix the issue.

=========
cat /usr/local/apache/conf/userdata/std/2/sjkrufio/sjkruger.co.za/modsec.conf

<IfModule mod_security2.c>
# Turn off specific rules
SecRuleEngine On
SecRuleRemoveById 300018 340147
</IfModule>
=========

Please check and let me know if you still face any issues.

>> I can also only login from the admin zone - not the site zone.

If the issues persist, please let me know the 'admin' login details and the exact steps to recreate the issue so that I can assist you further with the help of real time evidences.


>> http://sjkruger.co.za/adminzone/

Please provide me the login details of admin zone so that I can help you better.

>> I see Afrihost puts a .htaccess file in the public_html directory. Does this imply that Afrihost allows .htaccess files to change php settings etc. ??

The PHP handler on the server is "fcgi". You can't change PHP settings via ".htaccess" file. All the PHP related settings should be changed via "php.ini" file and the file should be present under the directory "/home/sjkrufio" (Home directory of the domain). Please let me know if you want to change any of the PHP variable values.



Warm Regards
Prasad
Afrihost.com
Pure Internet Joy!

Please visit your Afrihost Client Zone, https://clientzone.afrihost.com to activate your account, update your details, make changes to your account and packages and much much more.


Ticket Details

Ticket ID: EUN-733-68881
Department: Afrihost - Hosting Support
Type: Issue
Status: Closed
Priority: High

Support Center: https://support.afrihost.com/?/default_import
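
Added example (not part of the original thread or of Afrihost's tooling): a Python sketch that parses the ModSecurity log entry quoted in the e-mail above into separate fields, unlike the flattened dictionary in the e-mail where `client` swallows the whole message, and then replays the logged pattern against `redirect` values to show why an absolute URL in that parameter trips rule 300018. The function names and the two sample `redirect` values are assumptions constructed for illustration; any transformations the rule applies are not modelled.

```python
import re

# Log entry copied from the host's e-mail above.
LOG_LINE = (
    '[Wed Apr 04 12:45:42 2012] [error] [client 41.174.54.107] ModSecurity: '
    'Access denied with code 500 (phase 2). Pattern match "(ht|f)tps?:/" at '
    'ARGS:redirect. [file "/usr/local/afribin/apache/mod_security/apache2/rules.conf"] '
    '[line "155"] [id "300018"] [rev "3"] '
    '[msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"] '
    '[hostname "www.sjkruger.co.za"] [uri "/index.php"] '
    '[unique_id "T3wmVsQmKHsAAAPVSqcAAAAF"]'
)

# Apache error-log prefix: [timestamp] [level] [client ip] ModSecurity: <rest>
PREFIX = re.compile(r'^\[(?P<timestamp>[^\]]+)\] \[(?P<level>\w+)\] '
                    r'\[client (?P<client>[^\]]+)\] ModSecurity: (?P<rest>.*)$')
# Free-text part: what was done, which pattern matched, and on which variable.
ACTION = re.compile(r'^(?P<action>.*?)\. Pattern match "(?P<pattern>.*?)" '
                    r'at (?P<target>\S+?)\. \[')
# Trailing metadata: [key "value"] pairs.
META = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse_modsec(line):
    """Split one ModSecurity error-log entry into a dict, or return None."""
    m = PREFIX.match(line)
    if not m:
        return None
    event = {k: m.group(k) for k in ("timestamp", "level", "client")}
    a = ACTION.match(m.group("rest"))
    if a:
        event.update(a.groupdict())
    event.update(META.findall(m.group("rest")))
    return event

def rule_hits(event, args):
    """Return the argument value that matches the logged pattern, else None."""
    name = event["target"].split(":", 1)[1]      # ARGS:redirect -> redirect
    value = args.get(name, "")
    return value if re.search(event["pattern"], value) else None

EVENT = parse_modsec(LOG_LINE)

# Constructed request arguments (assumed, not taken from the log).
ABSOLUTE = {"redirect": "http://www.sjkruger.co.za/index.php?page=start"}
RELATIVE = {"redirect": "/index.php?page=start"}

if __name__ == "__main__":
    print(EVENT["id"], EVENT["msg"], "on", EVENT["target"])
    print("absolute URL blocked:", rule_hits(EVENT, ABSOLUTE) is not None)
    print("relative path blocked:", rule_hits(EVENT, RELATIVE) is not None)
```

The pattern only looks for a URL scheme in the argument, so a legitimate same-site redirect target is indistinguishable from a remote include attempt, which is the false positive the host describes.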


#82922

Community saint

Nick said

My concern is Afrihost's last paragraph :

The PHP handler on the server is "fcgi". You can't change PHP settings via ".htaccess" file. All the PHP related settings should be changed via "php.ini" file and the file should be present under the directory "/home/sjkrufio" (Home directory of the domain). Please let me know if you want to change any of the PHP variable values.

This sounds like a problem to me … I recall Chris said something about php.ini files somewhere …

I don't think that that will be too much of a problem. I think most of the php.ini issues with ocPortal relate to tweaking memory, and it sounds like you will still be able to do that.

Nick said

Another point Afrihost raised was mod_security restrictions

I think that this will be more of a teething problem than any real show stoppers.

ocPortal works best with mod_security disabled because of the false positives that it generates, like the two your host has identified, and it has its own security to compensate.

Hopefully you won't encounter any more, but if you do sounds like your host is happy to fix it.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
#82954

Fan in action


Hi Temp1024

Yes ! They did fix it - as you said - by disabling mod_security rules for the site.

Thanks all,
Nick

PS : You might be amused to know that Afrihost came to have a look at OCportal forum and quoted your reply when they explained the problem to me.


Last edit: by Nick
#82973

Community saint

Nick said

PS : You might be amused to know that Afrihost came to have a look at OCportal forum and quoted your reply when they explained the problem to me.

:lol:  :lol:  :lol:


Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
#82974

Community saint

That's because temp is a pro worthy of quoting. He's always right except for the few times he's wrong. ;)

Bob
#83000

Afrihost gave you some good support there :).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.