WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Internal Server error with every BPS .htaccess file (8 posts)

  1. gravitas1
    Member
    Posted 1 year ago #

    I have just installed wordpress on an ubuntu apache2 system and everything works fine. I decided to install BPS, the only other plugin was Better Security.

    None of the supplied .htaccess files work, they all create Internal errors. I can create my own .htaccess without any problems, that works.

    The apache errorlog is reporting errors in the .htaccess file

    /var/www/wordpress/.htaccess: DirectoryIndex not allowed here, referer: http://<webaddress>/wp-admin/admin.php?page=bulletproof-security/admin/options.php

    or just

    /var/www/wordpress/.htaccess: DirectoryIndex not allowed here

    Can anyone give me any clues ?
    thx

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    From the error it looks like your Server does not allow you to use this .htaccess code on your Server.

    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file
    # index.html will be ignored will not load.
    DirectoryIndex index.php index.html /index.php

    And most likely your Server will not allow you to use this code either so you may need to comment this out as well.

    # DO NOT SHOW DIRECTORY LISTING
    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    Options -Indexes

    Also if you have full control of your Server you would need to add the correct Server configuration info to your httpd.conf file to allow these .htaccess directives.

  3. gravitas1
    Member
    Posted 1 year ago #

    Thanks for the reply, the httpd.conf file is not used in apache2, to apply the DirectoryIndex directive this needed to be changed in

    /etc/apache2/mods-enabled/dir.conf

    The Options -Indexes I had already commented out.

    I now get /.htaccess: order not allowed here, referer ....

    in both the root .htaccess and the wp-admin .htaccess

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Oops yep on apache2 and dir.conf.

    Ok so I am not completely understanding what you said.

    Did you comment out - DirectoryIndex in your root .htaccess file? Or did you do something else in your dir.conf file? I am not really sure what you are saying.

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    And your Server should definitely be allowing "Order" that is a standard and basic directive. I think you need to look up some Server configuration stuff on the Apache site. Look at AllowOverride and other similar common Server configurations - http://httpd.apache.org/docs/current/mod/core.html

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from 88.77.66.55
    </FilesMatch>
  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    And since you have control of your own Server you can just add directives to the dir.conf if you do not want to change AllowOverride to all and use directives in .htaccess files.

  7. gravitas1
    Member
    Posted 1 year ago #

    Hi,

    I had to delete/comment out DirectoryIndex in both the root .htaccess file and wp-admin .htaccess file. The DirectoryIndex directive for apache2 can be found in the file :

    /etc/apache2/mods-enabled/dir.conf

    By default this file has the order "index.html index.php", so this needs to be flipped. So instead of your .htaccess files enforcing this, I changed the apache2 dir.conf files to enforce the directoryindex sequence.

    The Options -index I just had to comment out.

    Lastly you were spot on with the "allowing "Order" that is a standard and basic directive". I went through a server hardening exercise before installing wordpress. The apache2 config files in the sites-available directory were to restrictive, I forgot I had done that.

    The config files need the "AllowOverride FileInfo Limit"

    "FileInfo" to allow the .htaccess files and "Limit" allows the "Order"

    Thanks for the nudge in the right direction.

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep no prob. ;)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.