Re: [users@httpd] Help with Apache Configuration in Dockerized PHP Application

Tue, 08 Oct 2024 20:11:55 -0700 

Yes,  I understand that now. That I shouldn't allow clients to access my
.httaccess file. I don't know why the error occuring

On Tue, 8 Oct 2024, 17:47 Frank Gingras, <thu...@apache.org> wrote:

>
>
> On Tue., Oct. 8, 2024, 1:13 a.m. Abhijith, <learnawse...@gmail.com> wrote:
>
>> Hi,
>> Yes, In the the root directory there is .htaccess file, the content of
>> the file is
>> ```
>> RewriteEngine on
>> RewriteCond %{REQUEST_FILENAME} !-f
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteCond $1 !^(index\.php|robots\.txt|favicon\.ico)
>> RewriteRule ^(.*)$ /index.php/$1 [L]
>> ```
>>
>> Since by @Eric's suggestion I changed the configuration of httpd.con, like
>> ```
>> <Files ".ht*">
>>     Require all granted
>> </Files>
>> ```
>>
>> Now the error is gone, but there is a new error but it is related with
>> the docker configuration.
>> Thanks for the helpful insights.
>>
>> On Mon, 7 Oct 2024 at 19:22, Frank Gingras <thu...@apache.org> wrote:
>>
>>>
>>>
>>> On Mon, Oct 7, 2024 at 7:51 AM Eric Covener <cove...@gmail.com> wrote:
>>>
>>>> On Mon, Oct 7, 2024 at 7:12 AM Eric Covener <cove...@gmail.com> wrote:
>>>> >
>>>> > >> [Sun Oct 06 10:02:48.889047 2024] [authz_core:error] [pid 10:tid
>>>> 131326541519672] [client 192.168.16.1:49194] AH01630: client denied by
>>>> server configuration:
>>>> /usr/local/apache2/htdocs/apps/admin/public_html/.htaccess
>>>> >
>>>> > This error means it's not filesystem permissions.  Are there other
>>>> > vhosts/*.conf you didn't show?  apachectl -S from within the container
>>>> > would summarize it.
>>>>
>>>> Based on the error, It seems like you may be unexpectedly accessing
>>>> the .htaccess file directly via a HTTP client, which is rejected by
>>>> design with this snippet:
>>>>
>>>> <Files ".ht*">
>>>>     Require all denied
>>>> </Files>
>>>>
>>>>
>>>>
>>>> --
>>>> Eric Covener
>>>> cove...@gmail.com
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>>
>>>>
>>> I am concerned about anything trying to request the .htaccess file
>>> directly as well; it sounds like a broken application/script.
>>>
>>
> That would be a mistake, since those files are not meant to be accessed
> directly.
>
> They are blocked by default for security reasons.
>
>>

Reply via email to