Hi there here is my server configuration:
DEBIAN 32Bits / PHP 5 / Apache
Server version: Apache/2.2.3
– Server built: Mar 22 2008 09:29:10
The AccessFiles :
grep -ni AccessFileName *
apache2.conf:134:AccessFileName .htaccess
apache2.conf:667:AccessFileName .httpdoverride
All the AllowOverride statements in my apache2/ folder.
mods-available/userdir.conf:6: AllowOverride Indexes AuthConfig Limit
mods-available/userdir.conf:16: AllowOverride FileInfo AuthConfig Limit
mods-enabled/userdir.conf:6: AllowOverride Indexes AuthConfig Limit
mods-enabled/userdir.conf:16: AllowOverride FileInfo AuthConfig Limit
sites-enabled/default:8: AllowOverride All
sites-enabled/default:14: AllowOverride All
sites-enabled/default:19: AllowOverride All
sites-enabled/default:24: AllowOverride All
sites-enabled/default:42: AllowOverride All
The sites-enabled/default file :
1 <VirtualHost *>
2 ServerAdmin admin@site.com
3 ServerName mysite.com
4 ServerAlias mysite.com
5 DocumentRoot /var/www/mysite.com/
6 <Directory />
7 Options FollowSymLinks
8 AllowOverride All
9 Order Deny,Allow
10 Deny from all
11 </Directory>
12 <Directory /var/www/mysite.com/>
13 Options Indexes FollowSymLinks MultiViews
14 AllowOverride All
15 Order allow,deny
16 allow from all
17 </Directory>
18 <Directory /var/www/mysite.com/test/>
19 AllowOverride All
20 </Directory>
21
22 ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
23 <Directory "/usr/lib/cgi-bin">
24 AllowOverride All
25 Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
26 Order allow,deny
27 Allow from all
28 </Directory>
29
30 ErrorLog /var/log/apache2/error.log
31
32 # Possible values include: debug, info, notice, warn, error, crit,
33 # alert, emerg.
34 LogLevel warn
35
36 CustomLog /var/log/apache2/access.log combined
37 ServerSignature Off
38
39 Alias /doc/ "/usr/share/doc/"
40 <Directory "/usr/share/doc/">
41 Options Indexes MultiViews FollowSymLinks
42 AllowOverride All
43 Order deny,allow
44 Deny from all
45 Allow from 127.0.0.0/255.0.0.0 ::1/128
46 </Directory>
47
48
49
50
51
52
53
54 </VirtualHost>
If i change any Allow from all in Deny from all , it works whenever i put it.
I've got one .htaccess at /mysite.com/.htaccess & one at /mysite.com/test/.htaccess
with:
Order Deny,Allow
Deny from all
Neither of them work i can still see my website. I've got mod_rewrite enabled but i don't think it does anything here.
I've tried almost everything :/ It works on my local environnement (MAMP) but fails when on my Debian server.
Best Answer
.htaccess files can interact with the main config in unobvious ways. In your case your problem is that you have access control bot in your httpd.conf and your .htaccess file. And they get both applied.
You have in your config:
And in your .htaccess file:
So the end result is as if the permissions are:
Which means that everyone gets access. In this case you should use "Order Allow, Deny".
You should however not use .htaccess files at all if you have access to the main config. .htaccess files exist as a workaround for cases where you don't have the right to edit the main config (like shared hosting) but if you can edit the main config you should use that.
.htaccess files have a lot of disadvantages. They are only read at request time, and only after the server has translated the URL to a file system resource. They are not read when the server startes. This means that the .htaccess files are possibly read at every request (causing a performance hit), but sometimes not read ever.