PEAK XOOPS - Editing .htaccess gives 500 Internal Server Error 
Editing .htaccess gives 500 Internal Server Error
- You cannot open a new topic into this forum
- Guests cannot post into this forum
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2005/12/2 6:15
Xooby
Posts: 15
Posts: 15
I've just installed Protector (latest version from this site) onto a new 2.2.3 Final version of Xoops and having run the security advisory I added the two suggested lines to .htaccess file in my web root.
(i.e
php_flag register_globals off
php_flag session.use_trans_sid off
)
If I do this then the next access to the site gives a 500 Internal Server Error page.
If I remove the lines, everything returns to normal.
Anybody any ideas as to what is happeining here? I seem to recall that I did the same with an earlier version of Xoops and Protector last year and this problem did not occur.
Regards
(i.e
php_flag register_globals off
php_flag session.use_trans_sid off
)
If I do this then the next access to the site gives a 500 Internal Server Error page.
If I remove the lines, everything returns to normal.
Anybody any ideas as to what is happeining here? I seem to recall that I did the same with an earlier version of Xoops and Protector last year and this problem did not occur.
Regards
Votes:1
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
Simple reason.
The site doesnot allow you to change such settings.
You can claim it to the admin or change the hosting service.
The site doesnot allow you to change such settings.
You can claim it to the admin or change the hosting service.
Votes:0
Average:0.00
Xooby
Posts: 15
Posts: 15
Thanks GIJoe. Actually web hosters have told me that these lines shouldn't be in .htaccess and are putting them into php.ini for me so hopefully the situation will be resolved. 
BTW, I am able to add
<Files ~ "mainfile.php">
Order allow,deny
Deny from all
</Files>
as suggested in Xoops Security FAQ so perhaps php directives don't belong in .htaccess or am I missing something?
BTW, I am able to add
<Files ~ "mainfile.php">
Order allow,deny
Deny from all
</Files>
as suggested in Xoops Security FAQ so perhaps php directives don't belong in .htaccess or am I missing something?
Votes:0
Average:0.00
Xooby
Posts: 15
Posts: 15
Web hosters have gotten back to me and proven (via a phpinfo() dump) that the php settings are off for session.use_trans_sid and register_globals, both in the master value and local (my site) settings. However, Protector's Security Advisory is still saying they are on!
Xoops 2.0.13.2
Protector 2.52
So I'm now happy that site is protected but need to resolve why Protector saying it is not.
Kind Regards
Ashley
Xoops 2.0.13.2
Protector 2.52
So I'm now happy that site is protected but need to resolve why Protector saying it is not.
Kind Regards
Ashley
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
Check .htaccess exists or not in XOOPS root or modules/ or modules/protector/
Votes:0
Average:0.00
Xooby
Posts: 15
Posts: 15
Yes .htaccess exist in xoops root. As mentioned before, I cannot put the values in it.
It does not exist in modules or modules/protector (or any other directory other than root for that matter)
Ashley
It does not exist in modules or modules/protector (or any other directory other than root for that matter)
Ashley
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
Did you check register_globals=off in XOOPS root?
If so, don't worry about Protector's advisory.
If so, don't worry about Protector's advisory.
Votes:0
Average:0.00
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2005/12/8 4:44
Xooby
Posts: 15
Posts: 15
I've resolved this with the hosters who've given me my own php.ini. BTW, from my reading of docs on .htaccess, it is something that the server admins can allow you to do, i.e. put php directives in it. My hosters don't allow it, but as I said it's resolved now.
Thanks
Ashley
Thanks
Ashley
Votes:0
Average:0.00
Login