This directive in .htaccess:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Gives me error 500. Ave you maybe got some good idea about?
Thank you
Two possibilities jump to mind:
First, usually I see the filename quoted: <Files "wp-config.php">. I forget whether Apache requires quotes or not, so try this and see if that fixes the problem.
Second, your Apache server administrator may not have enabled the required AllowOverride permissions to allow you to do this.
In either case, checking the Apache error logs will reveal the true problem.
Related
I installed OpenStack Dashboard following Installation Guide here:
https://docs.openstack.org/horizon/wallaby/install/install-rdo.html
Not very compicated but Dashboad does not work. After the first access, there was only "Forbidden"
status for url http://localhost/dashboard/. Then I investigated /etc/httpd/conf.d/openstack-dashboard.conf file (it's content below) and noticed that the whole wsgi directory missing on the system. I tried to correct WSGISriptAlias to some another location in /usr/share/openstack-dashboard directory structure (for example, I tried with /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py) but it then status was Not Found and URL was redirected to http://localhost/auth/login/?next=/dashboard/.
I am not very familiar with web development so I don't completely understand what it means but after that I tried to find some solution on internet and I found this on Ask OpenStack:
https://ask.openstack.org/en/question/13952/horizon-apache-launch-error/
I tried with that solution but neither this helped me, after configuring the server according to that page, nothing appears on the page, only "Not Found". Please can someone help me to find some solution for this problem?
Thanks.
Here is content of the original /etc/httpd/conf.d/openstack-dashboard.conf file:
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Options All
AllowOverride All
Require all granted
allow from all
</Directory>
<Directory /usr/share/openstack-dashboard/static>
Options All
AllowOverride All
Require all granted
allow from all
</Directory>
to not bother you anymore with my stupid questions,
I found solution on another place which says that I have to add WEBROOT directive to
/etc/openstack-dashboard/Local_settings which was missing.
Thanks.
Regards.
I'm trying to add a MP4 video to my media library. It doesn't give any error but when I try to play the video it gives this message inside the video player:
Media error: Format(s) not supported or source(s) not found
The video size is 2MB.
There seems to be a bug in WordPress Core about this:
https://core.trac.wordpress.org/ticket/42874#comment:8
An issue is also opened in the mediaelement GH repo:
https://github.com/mediaelement/mediaelement/issues/2390
The actual problem comes from Safari:
IMPORTANT NOTE for Safari users (Jun 8, 2017)
Since Sierra version, autoplay policies have changed. You may experience an error if you try to execute play programatically or via autoplay attribute with MediaElement, unless muted attribute is specified.
I've also bumped into this issue, but can only reproduce it in Safari, it works on Chrome and Firefox.
Hope this helps!
Make sure the filename has no spaces, apostrophes, slashes or other non-alphanumeric characters (such as $, % and &). Rename the file before uploading if it does. To preserve readability, it's work for me
Check if there is a .htaccess file in the <wp-root>/wp-content folder of your wordpress installation, this file determines which file the webserver is allowed to make available for download. (You will need access to the server for this, you cannot do this from WordPress itself, I think.)
In my case, this file looked as follows:
# Disable access to all file types except the following
Order deny,allow
Deny from all
<Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
Allow from all
</Files>
Which means: only allow downloading files with the listed extentions. Any other file (such as mp4) would result in a 403 - Forbidden error.
Fix the problem by adding the mp4 to the list of allowed files:
...
<Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar|mp4)$">
...
After spending several hours trying to find a solution i finally have!
I managed to fix the issue by just changing the file name of the MP4. I had the file name as "video_300x250.mp4". by changing it o simply "video_01.mp4" it fixed the issue for me.
I literally spent so long trying to re-install wordpress, mess about with SSL and plenty of other stuff. Trying to google it no one has found any answer. It might be the fact that there are numbers with the letter "x" in it, or some other combination of letters which doesn't work.
I hope this helps for anyone searching for this.
The easiest solution I came up with is to change the video's format to webm from mp4 that will solve the issue.
Upload your video to YouTube then download it and upload the YouTube download to Wordpress and it works.
I tried a lot for this problem.
But I did not get the result.
and one way fix error is to
delete this code
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
and
The problem was solved
I have an rewrite recursion error somewhere on my website that Google Bot caused, but I can't find the url that caused it because my Loglevel is low. I raised it but it has not happened again so far.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
All Rewriterules look fine to me and have the [L] flag, except this one.
I can't quite understand it. It is from the open source shop system Magento.
As far as I can tell it does nothing but sets the environment variable E. But isn't that a very stupid way of doing that? Shouldn't you use SetEnv if that was the goal?
Symfony developers Group has a good answer for it. I quote:
it looks like your hosting is running php as a fcgi, not a php5_module, like your localhost does. ( phpinfo - Server API: CGI/FastCGI )
the point is that php5_module automatically handles HTTP_AUTHORIZATION headers, but fcgi_module does not.
solution is simple - add this line to your .htacces on your hosting server:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
It worked for me
This line is setting the environment variable to the value of user authentication string - essentially setting a variable rather than constant value. As far as I know, SetEnv and SetEnvIf only allow you to set an environment variable to a predetermined constant.
The variable being set is actually HTTP_AUTHORIZATION, not E. I would guess this is part of the user authentication process.
I have been look around trying to get this working right for a while now, and finally bit the bullet and posted here.
I've got a LAMP stack with ModSecurity using the OWASP core rule set (v 2.2.5) and just installed Wordpress. I expected conflicts with ModSecurity, but I haven't been able to ignore or work aroudn the only error I've encountered so far.
The Apache error.log file and the modsec_audit.log both list the same error:
ModSecurity: Rule 7f5d9a449228 [id "950901"][file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null).`
I've tried creating a new .conf file where the crs conf files are located containing
<LocationMatch .*>
<IfModule mod_security2.c>
SecRuleRemoveById 950901
</IfModule>
</LocationMatch>
and even removed the IfModule statement and then LocationMatch statement when it didn't work.
Finally I resorted to commenting out lines 76 and 77 in the .conf file, and the error still appeared. This also had no effect.
Only changing SecRuleEngine to Off in modsecurity.conf finally let me access the page. Of course this defeats the purpose of ModSec.
Where am I going wrong?
Try adding this to your php.ini file (or included conf file):
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
And then this to your modsecurity.conf:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
This should allow for recursion without having to fully disable mod_security.
Most htaccess 404 error rules are based on an absolute directory location, eg /404.php. I want one that is relative to the location it's placed in (so when I transfer from test environment in WAMP to live, I don't have to hope I edit the file right).
Unfortunately,
ErrorDocument 404 404Error.php
Just prints out 404Error.php to the browser, it doesn't call the actual error page like
ErrorDocument 404 /FOOBAR/404Error.php
does.
Edit:
I guess I wasn't clear enough. Test environment is a WAMP local server, with the error file at /FOOBAR/404Error.php while the 'live' server would be www.fubar.com/404error.php -- placing it in the root.
How's this?
ErrorDocument 404 ../directory/404page.html
RewriteBase /FOOBAR/
ErrorDocument 404 404Error.php
This works too, but Tycho's solution is a bit more elegant. Only use this one if you don't plan on using .htaccess for anything outside of /FOOBAR/ pretty much.