View Issue Details

IDProjectCategoryView StatusLast Update
0009937phpList 3 applicationConfigurationpublic21-06-18 13:00
ReporterTki2000 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.10.3 
Target VersionFixed in Version 
Summary0009937: Internal Server Error (.htaccess file problems with Apache configurations)
DescriptionThis issue will give you an "Internal Server Error" page.

There are troubles with .htaccess files in phplist and Apache configurations if your Apache is not configured with "AllowOverride All" in httpd.conf file.
Another configuration I found working is "AllowOverride Options AuthConfig Indexes Limit" but this is only possible if you have access to the Apache server config file and this is probably not possible.

A quick FIX is to TAKE AWAY the .htaccess files in dirs "/lists" and "/admin" (and probably in any other dir where .htaccess may reside), but it will open some security related issues. If this is the case, try to use the .htaccess files to authenticate the users that may have access to files and not to deny the files.
Tagsdocumentation

Relationships

child of 0010998 new Enhance security 

Activities

michiel

23-05-12 13:23

manager   ~0051609

bit of a catch 22.

I'd rather not remove the .htaccess files, and open up the system, but yes, it's awkward that it causes the 500 errors. I guess this should be clearly documented with options what to do about it, and what impact that has.

raynau

23-05-12 22:50

reporter   ~0051618

Solution is given in forum and is very simple and clear.
1°) Last line of the htaccess must be commented and becomes :
#php_flag magic_quotes_gpc on

2°) You must create or do a php.ini with these two lines at the root (same place than the htaccess :
php_flag magic_quotes_gpc=on
magic_quotes_gpc=1

it works perfectly and the security is still on.

michiel

23-05-12 23:37

manager   ~0051619

well, that may work in some cases, but it's possible the other directives in the file cause a 500 as well.

raynau

23-05-12 23:49

reporter   ~0051621

This fits for Apache GCI which from what I have read are more protected.
Most servers are set on that way now on the Continent and all big hosting-compagnies are using Apache CGI because it is more protected.
So there is not to delete or change any htacess in other parts of the program.

raynau

24-05-12 19:14

reporter   ~0051624

You wrote :
"well, that may work in some cases, but it's possible the other directives in the file cause a 500 as well. "

I can say, I use the system that I have described and I never get an other 500 error when using the soft.
Moreover the question is from 2007 and it has been resolved with either yourself or people in the forum.
If that system was not running correctly, there should have been people telling it in the forum. The only problem they meet is when they do not respect the architecture /lists and /lists/admin.


michiel

31-10-12 15:18

manager   ~0051829

http://phplist.svn.sourceforge.net/phplist/?rev=3386&view=rev