Author |
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6095
|
Posted: 06 April 2022 at 3:01am | IP Logged
|
|
|
Changing data/ directory ownership to a user your webserver runs under should be sufficient, for example:
Code:
chown -R www-data:www-data /var/www/html/afterlogic |
|
|
And see if you can access adminpanel after that. More info on this can be found at: Troubleshooting issues with data directory
Also, assuming this works out, I'd recommend to investigate why .htaccess file is causing errors. It holds two separate sections which rely on mod_rewrite and mod_access_compat respectively, one of those may be disabled. Checking webserver error log may help understand what exactly is going wrong.
--
Regards,
Igor, Afterlogic Support
|
Back to Top |
|
|
Cobra91151 Newbie
Joined: 04 April 2022 Location: Ukraine
Online Status: Offline Posts: 24
|
Posted: 06 April 2022 at 5:39am | IP Logged
|
|
|
Finally, I have configured it. Everything works well.
Regarding .htaccess, this files contains the following content:
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
<Files *config.json*>
order allow,deny
deny from all
</Files>
It leads to this 500 error issue. Here is the output from apache log (/var/log/apache2):
[Wed Apr 06 15:34:11.569329 2022] [core:alert] [pid 18691] [client XXX.XXX.XX.XX:0] /var/www/html/afterlogic/.htaccess: RewriteEngine not allowed here
I have checked for mod_rewrite: sudo a2enmod rewrite
[b]Output:[/b]
Module rewrite already enabled
So, what do you think about it? Thank you.
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6095
|
Posted: 06 April 2022 at 5:55am | IP Logged
|
|
|
That makes sense, seems your Apache configuration doesn't allow using rewrite directives in .htaccess. It's not uncommon to have AllowOverride set to None, while you need at least FileInfo to be allowed:
.htaccess: RewriteEngine not allowed here
Hope this helps.
--
Regards,
Igor, Afterlogic Support
|
Back to Top |
|
|
Cobra91151 Newbie
Joined: 04 April 2022 Location: Ukraine
Online Status: Offline Posts: 24
|
Posted: 06 April 2022 at 6:42am | IP Logged
|
|
|
I am a bit confused, where should I add the following command: AllowOverride FileInfo Options
In afterlogic .htaccess file?
Where I can find this config: AllowOverride: None? Thanks.
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6095
|
Posted: 06 April 2022 at 6:46am | IP Logged
|
|
|
It's your Apache main config. In default Ubuntu setup, that would be /etc/apache2/apache2.conf.
--
Regards,
Igor, Afterlogic Support
|
Back to Top |
|
|
Cobra91151 Newbie
Joined: 04 April 2022 Location: Ukraine
Online Status: Offline Posts: 24
|
Posted: 06 April 2022 at 6:48am | IP Logged
|
|
|
I do not find AllowOverride set to None there. Here is the output from this config file:
/etc/apache2/apache2.conf
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf.d
# | `-- *
# Global configuration
PidFile ${APACHE_PID_FILE}
Timeout 30
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 10
<IfModule mpm_prefork_module>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 200
MaxRequestsPerChild 4000
</IfModule>
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 200
MaxRequestsPerChild 4000
</IfModule>
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 200
MaxRequestsPerChild 4000
</IfModule>
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#User www-data
#Group www-data
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf
# Include list of ports to listen on and which to use for name based vhosts
Include ports.conf
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%b" bytes
IncludeOptional conf.d/*.conf
IncludeOptional conf.d/domains/*.conf
# Include the virtual host configurations:
#Include sites-enabled/
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/50x.html
ErrorDocument 501 /error/50x.html
ErrorDocument 502 /error/50x.html
ErrorDocument 503 /error/50x.html
ErrorDocument 506 /error/50x.html
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6095
|
Posted: 06 April 2022 at 6:56am | IP Logged
|
|
|
Then it's probably in one of the configs included into the main one:
Code:
Include mods-enabled/*.load
Include mods-enabled/*.conf
...
Include ports.conf
...
IncludeOptional conf.d/*.conf
IncludeOptional conf.d/domains/*.conf |
|
|
Anyway, as long as your installation works with .htaccess file removed and you're able to login, it's safe to have that file removed. While it protects configuration files from access over the web, we also supply .htaccess file in data directory itself. See this documentation page for more info. And just in case if data directory is accessible over the web, adminpanel will give a warning about that.
--
Regards,
Igor, Afterlogic Support
|
Back to Top |
|
|
Cobra91151 Newbie
Joined: 04 April 2022 Location: Ukraine
Online Status: Offline Posts: 24
|
Posted: 06 April 2022 at 8:41am | IP Logged
|
|
|
I can not find AllowOverride: None anywhere in those locations. I think, this value is controlled by HestiaCP. Also, I think it is bad to change this value: AllowOverride: None since it works well without your .htaccess file.
I have tried to access the http://XX.XXX.XX.XX/afterlogic/data directory, it leads to 500 error and that's very good. This directory is protected as required by .htaccess there and I get no security warnings or issues.
I have tried to access the afterlogic or afterlogic/adminpanel, it loads successfully without any issue (without .htaccess file).
http://XX.XXX.XX.XX/afterlogic/
http://XX.XXX.XX.XX/afterlogic/adminpanel
Everything works well. The issue is resolved. Thank you.
|
Back to Top |
|
|