You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ja...@nixsecurity.org on 2010/09/03 17:49:42 UTC
Re: Re: Re: [users@httpd] 500 internal server error running
php application
Could you possibly paste the contents of the .htaccess file?
>---- Original Message ----
>From: J Wilson <tr...@yahoo.com>
>To: users@httpd.apache.org
>Sent: Fri, Sep 3, 2010, 11:47 AM
>Subject: Re: Re: [users@httpd] 500 internal server error running php application
>
>Error Log:
>
>/home/webdir/www/catalog/includes/.htaccess: order not allowed here, referer: http://www.mydomain.com/catalog/
>
>[Fri Sep 03 11:34:34 2010] [alert] [client ip.add.re.ss] /home/webdir/www/catalog/zc_install/.htaccess: DirectoryIndex not allowed here, referer: http://www.mydomain.com/catalog/
>
>
>
>
>--- On Fri, 9/3/10, james@nixsecurity.org <ja...@nixsecurity.org> wrote:
>
>> From: james@nixsecurity.org <ja...@nixsecurity.org>
>> Subject: Re: Re: [users@httpd] 500 internal server error running php application
>> To: users@httpd.apache.org
>> Date: Friday, September 3, 2010, 9:39 AM
>> I'd also take a look at the Apache
>> error_log to see if there's any indication evident there.
>> Keep in mind that if the PHP code suppresses error reporting
>> (by prefixing expressions with the @ character) then nothing
>> will be reported.
>>
>> >---- Original Message ----
>> >From: Eric Covener <co...@gmail.com>
>> >To: users@httpd.apache.org
>> >Sent: Fri, Sep 3, 2010, 9:35 AM
>> >Subject: Re: [users@httpd] 500 internal server error
>> running php application
>> >
>> >On Fri, Sep 3, 2010 at 9:31 AM, chris h <ch...@gmail.com>
>> wrote:
>> >> Does a failed PHP script not show a PHP error as
>> well as send a 500 response
>> >> code?
>> >>
>> >
>> ><fajita> White Screen Of Death, one of PHP's
>> specialties. It is
>> >produced when an error has occurred in a PHP script and
>> the error
>> >
>> reporting goes either to the
>> error log or to
>> >nowhere. To solve it, look for the error reporting
>> settings in php.ini
>> >(or use
>> >
>> ini_set()). Also check the
>> error log (see step
>> >one). Further questions MUST GO TO ##PHP.
>> >
>> >
>> >--
>> >Eric Covener
>> >covener@gmail.com
>> >
>> >---------------------------------------------------------------------
>> >The official User-To-User support forum of the Apache
>> HTTP Server Project.
>> >See <URL:http://httpd.apache.org/userslist.html> for more
>> info.
>> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> > " from the digest:
>> users-digest-unsubscribe@httpd.apache.org
>> >For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more
>> info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Re: Re: [users@httpd] 500 internal server error running php application
Posted by J Wilson <tr...@yahoo.com>.
There are two .htaccess. They are both included in Zen-Cart, these are the .htaccess files that the apache error logs seem to be having a problem with - this is a newer version of Zen Cart, I don't remember them being in the older versions I am currently running:
# @copyright Copyright 2003-2010 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################
# deny *everything*
<FilesMatch ".*">
Order Allow,Deny
Deny from all
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF)$">
Order Allow,Deny
Allow from all
</FilesMatch>
IndexIgnore */*
## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI
~
~
And the second .htaccess:
#
# @copyright Copyright 2003-2010 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################
# deny *everything*
<FilesMatch ".*">
Order Allow,Deny
Deny from all
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch ".*\.(js|css|jpg|JPG|gif|GIF|png|PNG)$">
Order Allow,Deny
Allow from all
</FilesMatch>
IndexIgnore */*
~
~
~
~
~
--- On Fri, 9/3/10, james@nixsecurity.org <ja...@nixsecurity.org> wrote:
> From: james@nixsecurity.org <ja...@nixsecurity.org>
> Subject: Re: Re: Re: [users@httpd] 500 internal server error running php application
> To: users@httpd.apache.org
> Date: Friday, September 3, 2010, 11:49 AM
>
> Could you possibly paste the contents of the .htaccess
> file?
>
> >---- Original Message ----
> >From: J Wilson <tr...@yahoo.com>
> >To: users@httpd.apache.org
> >Sent: Fri, Sep 3, 2010, 11:47 AM
> >Subject: Re: Re: [users@httpd] 500 internal server
> error running php application
> >
> >Error Log:
> >
> >/home/webdir/www/catalog/includes/.htaccess: order not
> allowed here, referer: http://www.mydomain.com/catalog/
> >
> >[Fri Sep 03 11:34:34 2010] [alert] [client
> ip.add.re.ss] /home/webdir/www/catalog/zc_install/.htaccess:
> DirectoryIndex not allowed here, referer: http://www.mydomain.com/catalog/
> >
> >
> >
> >
> >--- On Fri, 9/3/10, james@nixsecurity.org
> <ja...@nixsecurity.org>
> wrote:
> >
> >> From: james@nixsecurity.org
> <ja...@nixsecurity.org>
> >> Subject: Re: Re: [users@httpd] 500 internal server
> error running php application
> >> To: users@httpd.apache.org
> >> Date: Friday, September 3, 2010, 9:39 AM
> >> I'd also take a look at the Apache
> >> error_log to see if there's any indication evident
> there.
> >> Keep in mind that if the PHP code suppresses error
> reporting
> >> (by prefixing expressions with the @ character)
> then nothing
> >> will be reported.
> >>
> >> >---- Original Message ----
> >> >From: Eric Covener <co...@gmail.com>
> >> >To: users@httpd.apache.org
> >> >Sent: Fri, Sep 3, 2010, 9:35 AM
> >> >Subject: Re: [users@httpd] 500 internal server
> error
> >> running php application
> >> >
> >> >On Fri, Sep 3, 2010 at 9:31 AM, chris h <ch...@gmail.com>
> >> wrote:
> >> >> Does a failed PHP script not show
> a PHP error as
> >> well as send a 500 response
> >> >> code?
> >> >>
> >> >
> >> ><fajita> White Screen Of Death, one of
> PHP's
> >> specialties. It is
> >> >produced when an error has occurred in a PHP
> script and
> >> the error
> >> >
> >> reporting goes either to the
> >> error log or to
> >> >nowhere. To solve it, look for the error
> reporting
> >> settings in php.ini
> >> >(or use
> >> >
> >> ini_set()). Also check the
> >> error log (see step
> >> >one). Further questions MUST GO TO ##PHP.
> >> >
> >> >
> >> >--
> >> >Eric Covener
> >> >covener@gmail.com
> >> >
> >>
> >---------------------------------------------------------------------
> >> >The official User-To-User support forum of the
> Apache
> >> HTTP Server Project.
> >> >See <URL:http://httpd.apache.org/userslist.html> for more
> >> info.
> >> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> > " from the digest:
> >> users-digest-unsubscribe@httpd.apache.org
> >> >For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >>
> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the
> Apache HTTP
> >> Server Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more
> >> info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> " from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >
> >
> >
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache
> HTTP Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org