ClearFoundation Tracker - ClearOS
View Issue Details
0002049ClearOSapp-flexshare - Flexsharespublic2014-11-27 13:402016-02-25 09:15
marclaporte 
 
highmajoralways
closedfixed 
6.6.0 Beta 2 
6.7.0 Updates 
0002049: Web server -> allow .htaccess overrides causes "forbidden" error with RewriteEngine ON
Just tested the new 6.6.0 Beta 2. Overall, it's looking pretty solid so far.

"allow .htaccess overrides" is the default
It's common in web apps to use RewriteEngine in .htaccess

This error was seen as the default site and on an add-on site. tiki-check.php confirms that mod_rewrite is loaded.

Thanks!
* Fresh install of ClearOS 6.6 Beta 2
* Install Web & MySQL apps
* Install Tiki
* The Tiki installer will add a symbolic link from .htaccess to _htaccess and it crashes there. Even if _htaccess is renamed to .htaccess, the error persists.

As a reference, see the <IfModule mod_rewrite.c>
http://sourceforge.net/p/tikiwiki/code/HEAD/tree/branches/12.x/_htaccess [^]

Changing RewriteEngine ON to RewriteEngine OFF in .htaccess prevents the error message.
No tags attached.
Issue History
2014-11-27 13:40marclaporteNew Issue
2014-12-04 08:37marclaporteNote Added: 0001319
2014-12-10 10:25user2Statusnew => acknowledged
2014-12-24 12:09marclaporteNote Added: 0001326
2015-01-06 13:44user2Target Version => 6.6.0 Updates
2015-01-20 14:51user2Note Added: 0001335
2015-01-20 14:53user2Note Added: 0001336
2015-01-20 15:00user2Issue cloned: 0002138
2015-01-20 22:17marclaporteNote Added: 0001338
2015-01-20 22:46marclaporteNote Added: 0001339
2015-01-30 17:13marclaporteNote Added: 0001363
2015-04-20 11:34marclaporteNote Added: 0001471
2015-08-13 18:19user2Target Version6.6.0 Updates => 6.7.0
2015-08-26 18:00user2Target Version6.7.0 => 6.7.0 Updates
2016-02-25 09:13user2Categoryapp-web-server - Web Server => app-flexshare - Flexshares
2016-02-25 09:15user2Note Added: 0002671
2016-02-25 09:15user2Statusacknowledged => resolved
2016-02-25 09:15user2Resolutionopen => fixed
2016-02-25 09:15user2Assigned To => user2
2016-02-25 09:15user2Statusresolved => closed
2016-02-25 09:15user2Assigned Touser2 =>

Notes
(0001319)
marclaporte   
2014-12-04 08:37   
Also, a few weeks ago, I had one server which was fine one day and had this problem the next. I manually adjusted the Apache config and figured it was just an issue with an upgrade caused by a local modification (I use PHP 5.5 on that server), so I didn't report the issue. By I now realize the bug is in the canonical version of ClearOS.

Thanks!
(0001326)
marclaporte   
2014-12-24 12:09   
Workaround is to add the following to the bottom of /etc/httpd/conf/httpd.conf (replacing example.com with your own path / domain):

<Directory "/var/www/virtual/example.com">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

This is odd because AllowOverride All is already in /etc/httpd/conf.d/flex-80.conf (which appears to not be picking up)

Thanks!
(0001335)
user2   
2015-01-20 14:51   
The "Follow Symbolic Links" feature must be enabled for Tiki. Here was the error in the logs:

[Tue Jan 20 16:44:45 2015] [error] [client 192.168.55.1] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden... tiki-install.php

One I enabled symlinks, the forbidden rule disappeared.

Note: the Tiki app (yum install app-tiki).
(0001336)
user2   
2015-01-20 14:53   
I will change the title of the feature from "Follow Symbolic Links" to "Follow Symbolic Links / Allow Rewrite".
(0001338)
marclaporte   
2015-01-20 22:17   
Thanks Peter!

That's an easy fix! I didn't realize these two things were related. I added a comment here: https://dev.tiki.org/item2479 [^] to make Tiki more robust to this type of situation.

In my tests, the directive "Allow [.htaccess] Override" seems to work even if it's turned off. I would expect that most folks using ClearOS would not want to prevent .htaccess override, but the best would be to fix or remove.

Specifically, changelog.txt is blocked no matter if "Allow [.htaccess] Override" is on or off when I added a .htaccess which contains the content below:
<FilesMatch "^(changelog.txt|_htaccess)$">
    order deny,allow
    deny from all
</FilesMatch>

Thanks!
(0001339)
marclaporte   
2015-01-20 22:46   
Never mind about Allow [.htaccess] Override -> I rebooted server and now it works.

Thanks!
(0001363)
marclaporte   
2015-01-30 17:13   
For the record:
https://github.com/clearos/app-flexshare/commit/c5cbb2a5b07c5814f84f9763dfdb0c0b57ac92f2 [^]

Thanks!
(0001471)
marclaporte   
2015-04-20 11:34   
Backported to 6.x:
https://github.com/clearos/app-flexshare/commit/c83ecad784a7b258ce4495e0c6515f988b795b96 [^]

So it will appear in a future update of the app.
(0002671)
user2   
2016-02-25 09:15   
Tracker cleanup. This was resolved in May 2015.