Re: [users@httpd] Help with Apache Configuration in Dockerized PHP Application

[Frank Gingras]

On Tue., Oct. 8, 2024, 1:13 a.m. Abhijith, <learnawse...@gmail.com> wrote:

> Hi,
> Yes, In the the root directory there is .htaccess file, the content of the
> file is
> ```
> RewriteEngine on
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteCond $1 !^(index\.php|robots\.txt|favicon\.ico)
> RewriteRule ^(.*)$ /index.php/$1 [L]
> ```
>
> Since by @Eric's suggestion I changed the configuration of httpd.con, like
> ```
> <Files ".ht*">
>     Require all granted
> </Files>
> ```
>
> Now the error is gone, but there is a new error but it is related with the
> docker configuration.
> Thanks for the helpful insights.
>
> On Mon, 7 Oct 2024 at 19:22, Frank Gingras <thu...@apache.org> wrote:
>
>>
>>
>> On Mon, Oct 7, 2024 at 7:51 AM Eric Covener <cove...@gmail.com> wrote:
>>
>>> On Mon, Oct 7, 2024 at 7:12 AM Eric Covener <cove...@gmail.com> wrote:
>>> >
>>> > >> [Sun Oct 06 10:02:48.889047 2024] [authz_core:error] [pid 10:tid
>>> 131326541519672] [client 192.168.16.1:49194] AH01630: client denied by
>>> server configuration:
>>> /usr/local/apache2/htdocs/apps/admin/public_html/.htaccess
>>> >
>>> > This error means it's not filesystem permissions.  Are there other
>>> > vhosts/*.conf you didn't show?  apachectl -S from within the container
>>> > would summarize it.
>>>
>>> Based on the error, It seems like you may be unexpectedly accessing
>>> the .htaccess file directly via a HTTP client, which is rejected by
>>> design with this snippet:
>>>
>>> <Files ".ht*">
>>>     Require all denied
>>> </Files>
>>>
>>>
>>>
>>> --
>>> Eric Covener
>>> cove...@gmail.com
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>> I am concerned about anything trying to request the .htaccess file
>> directly as well; it sounds like a broken application/script.
>>
>
That would be a mistake, since those files are not meant to be accessed
directly.

They are blocked by default for security reasons.

>