Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compatibility with Apache v2.4 #682

Closed
hameau opened this issue Oct 31, 2013 · 7 comments
Closed

Compatibility with Apache v2.4 #682

hameau opened this issue Oct 31, 2013 · 7 comments
Labels
discussion Enhancement
Milestone
v3.3.2

Comments

@hameau
Copy link
Contributor

hameau commented Oct 31, 2013

Apache v2.4 is now appearing in the wild. There are some steps that need to be taken to ensure compatibility, particularly with .htaccess Deny and Allow directives.

Apparently, hosting providers may not include the Apache compatibility module (but that may be a symptom of early adoption).

Forum reference (with workaround):
http://get-simple.info/forums/showthread.php?pid=40784#pid40784

Apache docs:
https://httpd.apache.org/docs/current/upgrading.html
https://httpd.apache.org/docs/current/howto/access.html

(Aside: may tie in with .htaccess rationalising - #453 )
tablatronix added a commit that referenced this issue Jan 9, 2014
@tablatronix
htaccess apache upgrades
5573890 
apache 2.4 compatibility
module protections
closes #683
closes #580
closes #682
@tablatronix tablatronix reopened this Feb 11, 2014
@tablatronix
Copy link
Member

This does not fix the .htaccess files in repo, only the tmp ones. Need to come up with a way to replace them all, or have install move these files for us, and keep them and dir structure out of the repo. But this will probably give us hell with permissions of user base.

Not sure the best way to proceed.

@tablatronix
Copy link
Member

#770
just going to replace them all in core, and hope they are correct.
Il probably mass edit them

@tablatronix
Copy link
Member

removed backups/other .htaccess
redundant

@tablatronix
Copy link
Member

for some reason the inc folder has no htaccess and files that are allowed to be hit with a browser, which makes no sense for an include folder.

everything not an include needs to be removed from this and it protected with htaccess

  • ajax.php
  • thumb.php

#395

@tablatronix
Copy link
Member

FYI you cannot mix old syntax with new syntax.

If you have mod_access_compat, and use order deny then you can only override it with order allow, require granted will not work

So this breaks all plugins that have htaccess files.
I need to add conditionals for apache compat AND 2.4

@tablatronix
Copy link
Member

new solution

  • If <2.3 uses old order by
  • if >2.3 and has access_compat use old order by ( supports plugins htaccess )
  • else use require
#
# GetSimple CMS htaccess DENY file
#

# prevent breaking plugin htaccess, prefer compat,  since require is not overridable by order

# apache < 2.3
<IfModule !mod_authz_core.c>
    Deny from all
</IfModule>

# apache > 2.3 with mod_access_compat
<IfModule mod_access_compat.c>
    Deny from all
</IfModule>

# apache > 2.3 without mod_access_compat
<IfModule mod_authz_core.c>

    <IfModule !mod_access_compat.c>
        Require all denied
    </IfModule>

</IfModule>

Needs testing on 2.2 and 2.4 in the wild.

tablatronix added a commit that referenced this issue Mar 12, 2014
@tablatronix
fixes #682 another attempt
b9e5aa9
@tablatronix
Copy link
Member

Removed deny htaccess from innovation and anonymous /langs

@tablatronix tablatronix added Feature and removed Bug labels Mar 12, 2014
@tablatronix tablatronix mentioned this issue Feb 6, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion Enhancement
Projects
None yet
Milestone
v3.3.2
Development

No branches or pull requests
2 participants
@hameau @tablatronix