User tests: Successful: Unsuccessful:
Since FollowSymlinks is disabled for security reasons in a growing number of apache hosting setups this PR add the more strict SymLinksIfOwnerMatch - but disables both options by default
Pull Request for Issue # .
in htaccess.txt (Template for .htacess)
#Options +FollowSymlinks
#Options +SymLinksIfOwnerMatch
use the changed htaccess.txt as .htaccess
Internal Server error on some hosting environments
Error: /httpdocs/.htaccess: Option FollowSymlinks not allowed here
Works
Please select:
Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed
Status | New | ⇒ | Pending |
Couple of thingsQuite a few things
- Just changing this line is not enough in the context of the file. The description/instructions beginning on L10 will also need updating.
Just for point 2 at the moment - your are correct that this text next changes too. And i even noticed that +FollowSymLinks is not needed for mod_rewrite - most of my websites run without it - with SEF URL's enabled. So we could even discuss the whole Symlinks options. They are needed however for the newly introduced option to run joomla from outside of the web root. This must be mentioned too.
Note: In case of a change of an htaccess file, a post installation message must also be added to the code.
Just a explanation why i did this PR: I had two incidents over the last two weeks when this problem was involved. One joomla user did a fresh install of joomla 4.4 on a new hosting environment and copied htaccess.txt to .htacess as a routine job and then copied other things to web space. when he tried to access the page again he got a internal server error... he called me in desperation. he should have checked the error_log. but without further knowledge about the symlink issue that would not have helped. the other guy moved a running joomla installation to a new host and immediately had the internal server error.
it always hurts me when people have problems such joomla... especially when we knew (there was a message about this problem in mattermost) about this problem before.
Note: In case of a change of an htaccess file, a post installation message must also be added to the code.
That's point 1 on Brians list. We will do that.
- There is a performance hit with this change so please consider this alternative https://httpd.apache.org/docs/2.4/misc/perf-tuning.html#symlinks
Maybe we don't need the option at all for normal use - collecting further information
- Is this really something for a patch release?
It's a bug that bothers people on new installations of joomla 4.4
- Is this really something for a patch release?
It's a bug that bothers people on new installations of joomla 4.4
My searches suggest that some very large hosts have been doing this for over ten years so its not "urgent"
Labels |
Added:
PR-4.4-dev
|
Category | ⇒ | Administration Language & Strings |
definitely not in favour of the latest updates to this PR as you now disable both options by default which is not correct.
Labels |
Added:
Language Change
Maintainers Checked
|
Title |
|
As for myself, just tested this and my hosting platform does not throw an error message, so of course important to make sure whatever change is made will not break/negatively affect sites that already work the Options +SymLinksIfOwnerMatch parameters.
Couple of thingsQuite a few things
Whenever we have made a change to the htaccess.txt file we have accompanied it with a post installation message that is displayed for upgraded
Just changing this line is not enough in the context of the file. The description/instructions beginning on L10 will also need updating.
There is a performance hit with this change so please consider this alternative https://httpd.apache.org/docs/2.4/misc/perf-tuning.html#symlinks
Is this really something for a patch release?