Magento's .htaccess files will not work with Apache 2.4 #1491
Comments
|
When you say "error out" what errors are you seeing? In the error.log or elsewhere? |
|
I must confess I've not actually tried this. I run 2.4 at home, I'll try it on a server that runs 2.2 tomorrow. I've edited my comment to reflect this. |
|
Tried it on a personal web site, got a 500 error when I added a .htaccess file that said nothing but "Require all denied". Did not get a chance to check the server logs. On my home server which runs 2.4, I got a 403 instead. Edited my issue back. |
|
Hello @ToonSpin! The internal ticket has been created: MAGETWO-40314 Thank you! |
sshrewz
added
the
Issue: Ready for Work
|
@ToonSpin it looks to me like 2.4 is maintaining backward compatibility with the 2.2 style directives, can you confirm this? I tried on a machine that was running 2.4 and everything seemed to work as expected, using the old directives (order... allow from... deny from...). Thank you! |
|
You can use Apache module
Available in Apache HTTP Server 2.3 as a compatibility module with previous versions of Apache httpd 2.x. The directives provided by this module have been deprecated by the new authz refactoring. Please see mod_authz_host |
|
@dsikkema you're right; I'm running a vanilla Linux Mint 17.2 installation at home, which is based upon Ubuntu Ubuntu 14.04. I installed Apache 2 and PHP from the repositories, nothing special. The 2.2 directives work fine on my machine, even though I'm running 2.4. This is because of the The presence of the module can easily be detected by inspecting the output of Then Apache won't restart and gives me this error, suggesting that Magento 2 will in fact work fine on current Linux boxes with Apache 2.4: Maybe a mention of |
|
I've decided not to submit a PR, because I've tried fresh installs of the following distros:
I've found that Also, the dev install docs are currently very good, they are not too complicated. Adding a note about I suggest that we keep an eye out when new versions of popular server distros come out, but I'd surprised if any of them dropped In summary, as far as I'm concerned this has turned out to be a fine example of a non-issue; sorry for the fuss :). |
|
Thanks for the shout out about documentation. We're making install simpler, wait and watch... |
|
@ToonSpin thanks for raising your concern, it's the only way we can catch real issues like this in the future, and it definitely motivated us to look at the differences between 2.2 and 2.4 more in depth. |
|
Just want to point out that enabling running on win 10, and the latest apache 2.4,, php 5.6, mysql |
[chaika] MAGETWO-70859: Inconsistent behaviour of Scheduled Changes
In the Magento 2 readme, Apache 2.4 is said to be compatible with Magento, but this is not in fact the case. The
Order [...]andAllow from [...]andDeny from [...]directives have been replaced byRequiredirectives in Apache 2.4, and the old directives are silently ignored. None of the 14.htaccessfiles in the Magento 2 repository that implement the 2.2 directives, implement the 2.4 directives.This leaves folders you're trying to protect (e.g.
app,bin,dev,media/customer,media/import), open for the wide world to access on servers that run Apache 2.4, such as Debian 8 "Jessie", Ubuntu 14.04 LTS, and CentOS 7.The problem is that the new directives cause 2.2 to error out, which means that to support both, you need to use
<IfVersion>directives, but those require an Apache module, and I don't think that this module is enabled by default.In any case, I feel that the Magento team and Magento developers should be aware of this, so I thought I'd bring it to your attention.
The text was updated successfully, but these errors were encountered: