Shaarli 0.10.0 : .htaccess gives error 500

[Draky50110]

Hello.
Tried to update from 0.9.6 to 0.10.0 and .htaccess gives me "Internel Server Error" so i deleted .htaccess.
Is it mandatory ?

[virtadpt]

I don't know if it's mandatory or not. However, it's possible to just edit .htaccess and not wipe it out entirely. Comment out this bit with pound signs and it'll work.

<Limit GET POST PUT DELETE OPTIONS>
    Require all granted
</Limit>
<LimitExcept GET POST PUT DELETE OPTIONS>
    Require all denied
</LimitExcept>

I ran into this problem, too, and this is how I fixed it.

[Draky50110]

Thanks, it worked !
But not sure it is a good solution, I don't know what these lines do !

[ArthurHoaro]

Hi, sorry for the delay. These lines have been added for the REST API, see @virtualtam's answer in this thread.

Which version of Apache are you using? Do you have any special directive in your virtual host configuration?

[Draky50110]

My PHPInfo : https://gilles.wittezaele.fr/phpinfo.php
Apache is 2.2 and no virtual host special config, just "basic" from my shared webhost.

[ArthurHoaro]

@Draky50110 Can you create a temporary PHP file containing:

<?php var_dump(apache_get_modules());

Display it, and check if you see mod_version in the list?

[Draky50110]

https://gilles.wittezaele.fr/mod.php
Error :(

[ArthurHoaro]

Crap. Well, can you try to apply the patch in #1200 and see if it results in a 500 HTTP error?

[Draky50110]

Downloaded this https://raw.githubusercontent.com/shaarli/Shaarli/8aca613b07c9d9af11a84d33e88c00b1c32eee02/.htaccess
Still error.

[ArthurHoaro]

Ok, thank you. Apache changed its Require directive syntax between its version 2.2 and 2.4. We provide a compatibility support through mod_version which doesn't seem to be enabled on your shared hosting. If it's not enabled, we fallback on Apache 2.4 syntax.

There is not much we can do for Shaarli's .htaccess files (except #1200, which doesn't affect you unfortunately), and you'll have to maintain them manually. However, WebThumbnailer's .htaccess files in cache folders are generated dynamically, so I'll add a setting to override the version.

[Draky50110]

Ok.
Asked my webhost if I can switch from Apache 2.2 to 2.4 and will see...

[Draky50110]

Can't go to Apache 2.4 so...

[ArthurHoaro]

Here is what you need to do to make Shaarli work properly on Apache 2.2 with .htaccess files enabled and mod_version disabled:

• Upgrade to Shaarli v0.10.1 which I just released
• In all .htaccess files, where you see <IfModule !version_module>, replace the content line by what's between <IfVersion < 2.4> tags.

Example for the root .htaccess file:

# Disable directory listing
Options -Indexes

RewriteEngine On

# Prevent accessing subdirectories not managed by SCM
RewriteRule ^(.git|doxygen|vendor) - [F]

# Forward the "Authorization" HTTP header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# REST API
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

<Limit GET POST PUT DELETE OPTIONS>
  <IfModule version_module>
    <IfVersion >= 2.4>
       Require all granted
    </IfVersion>
    <IfVersion < 2.4>
       Allow from all
       Deny from none
    </IfVersion>
  </IfModule>

  <IfModule !version_module>
    Allow from all
    Deny from none
  </IfModule>
</Limit>

<LimitExcept GET POST PUT DELETE OPTIONS>
  <IfModule version_module>
    <IfVersion >= 2.4>
       Require all denied
    </IfVersion>
    <IfVersion < 2.4>
       Allow from none
       Deny from all
    </IfVersion>
  </IfModule>

  <IfModule !version_module>
    Allow from none
    Deny from all
  </IfModule>
</LimitExcept>

Here is a list of .htaccess files in Shaarli (in tarball releases):

• ./cache/.htaccess
• ./tmp/.htaccess
• ./application/.htaccess
• ./assets/.htaccess
• ./data/.htaccess
• ./.htaccess
• ./pagecache/.htaccess

You also need to edit the file inc/web-thumbnailer.json to add your Apache's version:

{
  "settings": {
    "default": {
      "download_mode": "DOWNLOAD",
      "_comment": "infinite cache",
      "cache_duration": -1,
      "timeout": 10
    },
    "path": {
      "cache": "cache/"
    },
    "apache_version": "2.2"
  }
}

[ArthurHoaro]

On a side note, I can understand why a shared hosting company wouldn't want to upgrade to an Apache version which contains breaking changes, however, you can at least advise them to enable mod_version to avoid this kind of issues.

[Draky50110]

Thanks for the fix, will test it soon :)
I advised them that 2.2 is no more supported by Apache foundation, since last december...
Thanks for the tip for mod version.

[Draky50110]

Yes, working on a testing instance :)
Will now upgrade all my instances ;)
Thanks !