Apache2 - Verzeichnisse schützen .htacces funktioniert nicht

Alles, was den Apache betrifft, kann hier besprochen werden.

Apache2 - Verzeichnisse schützen .htacces funktioniert nicht

Postby networker-000 » 08. September 2007 23:41

- Linux, Ubuntu Server 6.01
- Apache 2, php5, mysql
- virtueller host

Hi @ll,

ich gebe es langsam auf - nach vielen Stunden :(

meine config will einfach nicht funktionieren - könnt ihr mir helfen???

etc/apache2/sites-available/pwtest

Code: Select all
NameVirtualHost *
<VirtualHost *>
        ServerAdmin nix@test.de

        DocumentRoot /var/www/pwtest
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/pwtest/>
                Options FollowSymLinks MultiViews
                AllowOverride FileInfo
                Order Deny,allow
                Deny from all
                # Uncomment this directive is you want to see apache2's
                # default start page (in /apache2-default) when you go to /
                #RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>




/var/www/pwtest/.htaccess

Code: Select all
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /pwtest/pass
Require user pw-test-user


In der pass steht
Code: Select all
pw-test-user:kdhkjdhiihii
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Postby DJ DHG » 09. September 2007 09:45

Moin Moin!

AllowOverride None


Damit wird der Webserver angewiesen, .htaccess-Dateien zu ignorieren.

mfg DJ DHG
User avatar
DJ DHG
AF Moderator
 
Posts: 2455
Joined: 27. December 2002 13:50
Location: Kiel

Postby networker-000 » 09. September 2007 13:47

DJ DHG wrote:Damit wird der Webserver angewiesen, .htaccess-Dateien zu ignorieren.


ich möchte jedoch einen geschützen bereich erstellen - da soll doch die .htaccess NICHT ignoriert werden oder?
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Postby DJ DHG » 09. September 2007 21:26

networker-000 wrote:
DJ DHG wrote:Damit wird der Webserver angewiesen, .htaccess-Dateien zu ignorieren.


ich möchte jedoch einen geschützen bereich erstellen - da soll doch die .htaccess NICHT ignoriert werden oder?


Richtig!

mfg DJ DHG
User avatar
DJ DHG
AF Moderator
 
Posts: 2455
Joined: 27. December 2002 13:50
Location: Kiel

Postby networker-000 » 09. September 2007 22:40

:shock:

und wieso kommt dann diese Fehlermeldung ?????? hey, hier kann doch sicher jemand helfen - oder??
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Re: Apache2 - Verzeichnisse schützen .htacces funktioniert n

Postby lordal » 10. September 2007 14:17

AllowOverride FileInfo beinhaltet nicht die Auth-Anweisung, weshalb deine .htaccess so nicht funktioniert. Probier es mal AllowOverride AuthConfig.

Die Apache Doku ist bei solchen Fragen übrigens dein bester Freund.
lordal
 
Posts: 6
Joined: 10. September 2007 14:04

Re: Apache2 - Verzeichnisse schützen .htacces funktioniert n

Postby networker-000 » 11. September 2007 11:56

lordal wrote:Probier es mal AllowOverride AuthConfig.


auch mit AuthConfig

Code: Select all
NameVirtualHost *
<VirtualHost *>
        ServerAdmin nix@test.de

        DocumentRoot /var/www/pwtest
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/pwtest/>
                Options FollowSymLinks MultiViews
                AllowOverride AuthConfig
                Order Deny,allow
                Deny from all
                # Uncomment this directive is you want to see apache2's
                # default start page (in /apache2-default) when you go to /
                #RedirectMatch ^/$ /apache2-default/
        </Directory>


Es wird weiterhin diese Fehlermeldung ausgegeben:
Code: Select all
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, nix@test.de and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Apache/2.0.55 (Ubuntu) mod_auth_kerb/5.0-rc6 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a Server at ddns-server.org Port 80
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Postby Wiedmann » 11. September 2007 12:02

Code: Select all
Internal Server Error

und wieso kommt dann diese Fehlermeldung

Eigentlich steht ja schon in der Fehlermeldung was du tun sollst:
Code: Select all
More information about this error may be available in the server error log.

Bevor du da nicht reinschaust, ist alles andere nur Rumraterei.
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby networker-000 » 11. September 2007 12:35

in der error.log des apache steht:

Code: Select all
[Tue Sep 11 13:33:29 2007] [alert] [client 86.87.229.68] /var/www/pwtest/.htaccess: AuthType not allowed here


:?: :?:
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Postby Wiedmann » 11. September 2007 15:14

/var/www/pwtest/.htaccess: AuthType not allowed here

Wird der VHost, wo du das "AllowOverride AuthConfig" für das Verzeichnis "/var/www/pwtest/" drin hast, überhaupt benutzt?
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby lordal » 11. September 2007 15:24

1. Wenn du Fehlermeldungen bekommst, dann füge diese immer mit an. Wir können leider nicht erahnen, was hinter der Aussage "und wieso kommt dann diese Fehlermeldung ??????" steckt.
2. Deine nachträglich angefügte Errormeldung deutet immer noch auf einen Fehler in deiner Konfiguration hin. Genauer gesagt liegt der Fehler noch immer beim AuthTyp in deiner htaccess. Da du offensichtlich deine Conf angepasst hast, stellt sich mir die Frage, ob du danach deinen Apache mal neugestartet hast. Sobald man AuthConfig verwendet, sollten nämlich Anweisungen wie AuthTyp ohne weiteres funktionieren.
3. Ändere das "Deny from All" im Directory-Block auf "Allow from All", da du dich damit selbst ausschließt und deine Authentifizierung so oder so nicht funktioniert hätte.
lordal
 
Posts: 6
Joined: 10. September 2007 14:04

Postby networker-000 » 11. September 2007 19:39

Wiedmann wrote:Wird der VHost, wo du das "AllowOverride AuthConfig" für das Verzeichnis "/var/www/pwtest/" drin hast, überhaupt benutzt?


Ich denke doch, woran kann ich das erkennen?
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Postby networker-000 » 11. September 2007 19:43

lordal wrote:ob du danach deinen Apache mal neugestartet hast.

Ja, hab ich

Ändere das "Deny from All" im Directory-Block auf "Allow from All",


Habe ich soeben geändert.

Leider alles ohne Erfolg - das kann doch alles nicht wahr sein oder??? Es ercheint immernoch die selbe Fehlermeldung. Dem Grunde nach ist doch alles relativ einfach.....

Wer möchte sich denn mal meinen config-Dateien annehmen?? (verzweifelt bin) :( :( Ich maile auch gerne mal ein paar files.

Danke bis jetzt an alle!!
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Postby lordal » 12. September 2007 09:35

networker-000 wrote:
Wiedmann wrote:Wird der VHost, wo du das "AllowOverride AuthConfig" für das Verzeichnis "/var/www/pwtest/" drin hast, überhaupt benutzt?


Ich denke doch, woran kann ich das erkennen?

Indem du zusätzlich für das Directory AllowOverride All setzt und deinen Apache mal neu startest.

Mit der "All" Einstellung ist jede Anweisung innerhalb einer htaccess erlaubt.

Wenn es damit nicht funktioniert, funktioniert dein VH nicht. In dem Fall solltest du deine gesamte Config hier mal posten.
lordal
 
Posts: 6
Joined: 10. September 2007 14:04

Postby networker-000 » 12. September 2007 10:06

hier noch meine apache2.conf - vielleicht kommt jetzt jemand ein stück weiter - danke :)

Code: Select all
# Based upon the NCSA server configuration files originally by Rob McCool.
# Changed extensively for the Debian package by Daniel Stone <daniel@sfarc.net>
# and also by Thom May <thom@debian.org>.

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.

ServerRoot "/etc/apache2"

# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.

LockFile /var/lock/apache2/accept.lock

# PidFile: The file in which the server should record its process
# identification number when it starts.

PidFile /var/run/apache2.pid

# Timeout: The number of seconds before receives and sends time out.

Timeout 300

# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.

KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.

MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.

KeepAliveTimeout 15

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers ......... number of server processes to start
# MinSpareServers ...... minimum number of server processes which are kept spare
# MaxSpareServers ...... maximum number of server processes which are kept spare
# MaxClients ........... maximum number of server processes allowed to start
# MaxRequestsPerChild .. maximum number of requests a server process serves
<IfModule prefork.c>
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients          20
MaxRequestsPerChild  0
</IfModule>

# pthread MPM
# StartServers ......... initial  number of server processes to start
# MaxClients ........... maximum  number of server processes allowed to start
# MinSpareThreads ...... minimum  number of worker threads which are kept spare
# MaxSpareThreads ...... maximum  number of worker threads which are kept spare
# ThreadsPerChild ...... constant number of worker threads in each server process
# MaxRequestsPerChild .. maximum  number of requests a server process serves
<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

# perchild MPM
# NumServers ........... constant number of server processes
# StartThreads ......... initial  number of worker threads in each server process
# MinSpareThreads ...... minimum  number of worker threads which are kept spare
# MaxSpareThreads ...... maximum  number of worker threads which are kept spare
# MaxThreadsPerChild ... maximum  number of worker threads in each server process
# MaxRequestsPerChild .. maximum  number of connections per server process (then it dies)
<IfModule perchild.c>
NumServers           5
StartThreads         5
MinSpareThreads      5
MaxSpareThreads     10
MaxThreadsPerChild  20
MaxRequestsPerChild  0
AcceptMutex fcntl
</IfModule>

User www-data
Group www-data

# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


# Global error log.
ErrorLog /var/log/apache2/error.log

# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf

# Include all the user configurations:
Include /etc/apache2/httpd.conf

# Include ports listing
Include /etc/apache2/ports.conf

# Include generic snippets of statements
Include /etc/apache2/conf.d/[^.#]*

#Let's have some Icons, shall we?
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# Set up the default error docs.
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# Putting this all together, we can Internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections.  We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line;
#
#   Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/local/apache2/error/include/ files and
# copying them to /your/include/path/, even on a per-VirtualHost basis.
#

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    Alias /error/ "/usr/share/apache2/error/"

    <Directory "/usr/share/apache2/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority de en es fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    ErrorDocument 410 /error/HTTP_GONE.html.var
    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

</IfModule>
</IfModule>

DirectoryIndex index.html index.cgi index.pl index.php index.xhtml

# UserDir is now a module
#UserDir public_html
#UserDir disabled root

#<Directory /home/*/public_html>
#   AllowOverride FileInfo AuthConfig Limit
#   Options Indexes SymLinksIfOwnerMatch IncludesNoExec
#</Directory>

AccessFileName .htaccess

<Files ~ "^\.ht">
    Order allow,deny
   Deny from all
</Files>

UseCanonicalName Off

TypesConfig /etc/mime.types
DefaultType text/plain

HostnameLookups Off

IndexOptions FancyIndexing VersionSort

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

# This really should be .jpg.

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^


# This is from Matty J's patch. Anyone want to make the icons?
#AddIcon /icons/dirsymlink.jpg ^^SYMDIR^^
#AddIcon /icons/symlink.jpg ^^SYMLINK^^

DefaultIcon /icons/unknown.gif

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* RCS CVS *,t

AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .et
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddLanguage pl .po
AddLanguage ko .ko
AddLanguage pt .pt
AddLanguage no .no
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddLanguage zh-tw .tw

LanguagePriority de en da nl et fr el it ja ko no pl pt pt-br ltz ca es sv tw


AddDefaultCharset   ISO-8859-1

AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
AddCharset ISO-8859-3  .iso8859-3  .latin3
AddCharset ISO-8859-4  .iso8859-4  .latin4
AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb   
AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5        .Big5       .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866       .cp866
AddCharset KOI8-r      .koi8-r .koi8-ru
AddCharset KOI8-ru     .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8       .utf8

AddCharset GB2312      .gb2312 .gb
AddCharset utf-7       .utf7
AddCharset utf-8       .utf8
AddCharset big5          .big5 .b5
AddCharset EUC-TW      .euc-tw   
AddCharset EUC-JP      .euc-jp
AddCharset EUC-KR      .euc-kr
AddCharset shift_jis   .sjis

#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps

AddType application/x-tar .tgz

# To use CGI scripts outside /cgi-bin/:
#
#AddHandler cgi-script .cgi

# To use server-parsed HTML files
#
<FilesMatch "\.shtml(\..+)?$">
    SetOutputFilter INCLUDES
</FilesMatch>

# If you wish to use server-parsed imagemap files, use
#
#AddHandler imap-file map

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
#

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully

# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-status>
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .your_domain.com
#</Location>

# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-info>
#    SetHandler server-info
#    Order deny,allow
#    Deny from all
#    Allow from .your_domain.com
#</Location>

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/[^.#]*

[/code]
networker-000
 
Posts: 9
Joined: 08. September 2007 23:27

Next

Return to Apache

Who is online

Users browsing this forum: No registered users and 25 guests