Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2005-10-11 05:14:01

jeeves
Member
Registered: 2004-06-14
Posts: 31

404 error on password protected directories after 4.01 upgrade

After upgrading from 1.0rc3 to 4.01 I am suddenly unable to access a folder protected with .htaccess authentication. I use PHPlist along with Textapattern so I need to keep people from poking around in my domainame.com/lists/admin folder.

After a little experimenting I discovered the following:
  1. deleting the top .htaccess in my public_html directory fixes the problem (but breaks clean URLs in Textpattern)
  2. Removing the lines dealing with .htaccess authentication in my /home/jeeves/public_html/lists/admin folder will fix the problem (but is not a very safe way to run Phplist)
  3. Uncommenting the #DirectoryIndex line in my main .htaccess file does not work
  4. Uncommenting the RewriteBase line in the main .htaccess file causes “Internal Server Error” on all pages except the password protected ones.
  5. Lee’s fix to a similar problem did not work for me

Any ideas to fix this would be very much appreciated.

Here is what I have in my .htaccess file in the PHPlist admin directory /home/jeeves/public_html/lists/admin

<code>
<FilesMatch “\.(php|inc)$”>
Order allow,deny
deny from all
</FilesMatch>
<FilesMatch “index.php$”>
Order allow,deny
allow from all
</FilesMatch>
AuthType Basic
AuthName “Locked Area”
AuthUserFile /home/jeeves/.htpasswd
require valid-user
</code>

And here is what I get from the txp diagnostic:

<code>
Textpattern version: 4.0.1 (r888)
last_update: 2005-10-09 04:24:54/2005-10-09 04:16:06
Document root: /home/jeeves/public_html
$path_to_site: /home/jeeves/public_html
Textpattern path: /home/jeeves/public_html/textpattern
Permanent link mode: section_id_title
open_basedir: /home/jeeves/:/usr/lib/php:/usr/local/lib/php:/tmp
Temp folder: /tmp
PHP version: 4.3.10
Register globals: 1
Magic quotes: 1/0
MySQL: 4.1.13-standard
Locale: en_US.UTF-8
Server:
Apache version:
Pre-flight check:
————————————
Clean URLs are only supported for apache, use at your own risk
</code>

————————————
.htaccess file contents:
————————————
<code>
DirectoryIndex index.php index.html
#Options +FollowSymLinks
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^(.+) – [PT,L]
RewriteRule ^(.*) index.php
</IfModule>
————————————
</code>

Offline

#2 2005-10-11 10:46:27

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: 404 error on password protected directories after 4.01 upgrade

Can you try some of the things I mention here:

http://forum.textpattern.com/viewtopic.php?pid=76033#p76033

Otherwise with Lee’s tips: Can you show exactly what you used and where you put it? Maybe just removing a $ or sth. similar might fix the problem.

Offline

#3 2005-10-11 11:32:21

jeeves
Member
Registered: 2004-06-14
Posts: 31

Re: 404 error on password protected directories after 4.01 upgrade

Thanks. Phplist does not need re write rules, so I tried adding both <code>RewriteEngine Off</code> and <code>RewriteRule .* – [PT,L]</code> to the top line of of the .htaccess in <b>/home/jeeves/public_html/lists/admin</b> directory. This is the directory I am trying to protect with .htaccess. No effect from adding either line.

Then, I tried Lee’s fix again. So I modified the .htaccess in my root web directory (public_html) so it reads:

<code>RewriteCond %{REQUEST_URI} ^/lists/admin/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/failed_auth.html$
RewriteRule ^.*$ – [L]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) – [PT,L]
RewriteRule ^(.*) index.php
</IfModule></code>

Again, there was no change.

Offline

#4 2005-10-11 12:00:14

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: 404 error on password protected directories after 4.01 upgrade

Try this at the top:
<code>
RewriteCond %{REQUEST_URI} ^lists/? [OR]
RewriteCond %{REQUEST_URI} ^failed_auth.html$
RewriteRule ^.*$ – [L]
</code>

Another unrelated question, but very important for us:

Uncommenting the RewriteBase line in the main .htaccess file causes “Internal Server Error” on all pages except the password protected ones.

What was the exact line you used? Which path did you use?

Offline

#5 2005-10-11 13:06:27

jeeves
Member
Registered: 2004-06-14
Posts: 31

Re: 404 error on password protected directories after 4.01 upgrade

Thanks again. First, as you suggeted, I tried the following at the top of the .htaccess in of the <b>/home/jeeves/public_html/</b> directory:
<code>
RewriteCond %{REQUEST_URI} ^lists/? [OR]
RewriteCond %{REQUEST_URI} ^failed_auth.html$
RewriteRule ^.*$ – [L]
</code>

No change

Then I tried uncommenting the RewriteBase line in that same .htaccess file. So the files contents was then:

<code>
RewriteBase /home/jeeves/public_html/
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) – [PT,L]
RewriteRule ^(.*) index.php
</IfModule>
</code>

This made .htaccess password protection WORK in my <b>/home/jeeves/public_html/lists/admin</b> folder, BUT it causes most of Textpattern to stop working. However, if I typed in an “index.php” at the end of the base URL I could get the home page to display, but otherwise I just would get an “Internal Server Error” on all the other sections:

<code>
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.33 Server
</code>

Offline

#6 2005-10-11 13:13:52

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: 404 error on password protected directories after 4.01 upgrade

RewriteBase /home/jeeves/public_html/

Misunderstanding there, I almost suspected that. You must use the path with respect to your domain. This has nothing to do with physical filesystem paths.

http://textpattern.com/weblog/20/clean-urls-on-different-hosts

I am guessing (because I don’t actually know how it’s installed for you) that you must simply use:

RewriteBase /

Offline

#7 2005-10-11 13:36:56

jeeves
Member
Registered: 2004-06-14
Posts: 31

Re: 404 error on password protected directories after 4.01 upgrade

&quot;You must use the path with respect to your domain&quot;

Yikes! I did not know that.

Since I have Textpattern installed at my webroot, I just tried making that RewriteBase line say simply <code>RewriteBase /</code>

That gets all of Texpattern working again, but now .htaccess password protection stopped working on <b>/home/jeeves/public_html/lists/admin</b>

Offline

#8 2005-10-11 13:51:00

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: 404 error on password protected directories after 4.01 upgrade

Who is your hoster?
Can you e-mail them and ask for specific technical detail on they map domains to pyhsical directories, use virtual hosts or mod_rewrite rules themselves? This may be asking a bit too much, so I don’t know whether they will give you that detailed information, but given that some people do have this problem and we have not been able to reproduce the problem here, I would really appreciate if you asked. Once we can reproduce it, we may be able to find a general solution.

Offline

#9 2005-10-13 06:11:28

jeeves
Member
Registered: 2004-06-14
Posts: 31

Re: 404 error on password protected directories after 4.01 upgrade

Ok, I finally heard back from Hosting Matters on details on their configuration. Unfortunately they did not go into that much detail, but they did answer the question:

“Virtual hosts. .htaccess files are recursive, so whatever you have in the top level of your account will affect everything on down.”

Offline

#10 2005-10-13 18:18:30

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,323
Website Mastodon

Re: 404 error on password protected directories after 4.01 upgrade

> Sencer wrote:

Who is your hoster?
Can you e-mail them and ask for specific technical detail on they map domains to pyhsical directories, use virtual hosts or mod_rewrite rules themselves?

I am experiencing exactly the same symptoms as jeeves:
I can have either clean URLs with RewriteRules, or .htpasswd protected folders. As soon as I enable URL rewriting, requests for password protected folders are handled by Textpattern’s 404 code. Neither RewriteBase / nor Options +FollowSymLinks will change this.

Thus I asked my web host to reveal their config. Here’s what he told me:

<blockquote>
We use virtualhosts, I.E.
<code>
&lt;VirtualHost 208.10.141.2&gt;
ServerAlias www.example.com example.com
ServerAdmin webmaster@example.com
DocumentRoot /home/example/public_html
ServerName www.example.com
&lt;IfModule mod_userdir.c&gt;
Userdir disabled
Userdir enabled xxxxxx
&lt;/IfModule&gt;
User xxxxxx
Group xxxxxx
&lt;/VirtualHost&gt;
</code>
</blockquote>

httpd is Apache 1.3.33 (Unix). Will this shed any light on these quirks?

//w&

Last edited by wet (2006-11-02 08:59:38)

Offline

#11 2005-11-16 05:18:16

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,323
Website Mastodon

Re: 404 error on password protected directories after 4.01 upgrade

bump

Offline

#12 2005-11-16 10:15:17

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: 404 error on password protected directories after 4.01 upgrade

Unfortunately I was still not able to reproduce the problem. :-/

I guess I need access to a site with this problem (a site that obviously is only a test-site) to experiment with it.

Offline

Board footer

Powered by FluxBB