hughm Posted July 23, 2015 Share Posted July 23, 2015 OK so I've got OSCommerce up and running and I'm really happy with it. One problemette is that the security check is is telling me to disable indexing on a particular folder for security reasons. What I do is: modify /etc/apache2/apache2.conf for /var/www, setting "AllowOverrides" to "Indexes" change $oscommerceroot/admin/.htaccess to include "Options -Indexes" restart Apache. The shopfront then lacks any images, and admin isn't accessible at all: "The server encountered an internal error or misconfiguration and was unable to complete your request." Any ideas very gratefully received. Best wishes Hugh Link to comment Share on other sites More sharing options...
MrPhil Posted July 23, 2015 Share Posted July 23, 2015 Normally, Options -Indexes should be enough to stop indexing. Note that many hosts these days forbid Options on security grounds, but it sounds like you have full control over the server. I'm not familiar with the AllowOverrides, or when it might be needed (I suspect that it enables your using Options in .htaccess). You might check if Options rather than Indexes is the parameter to use. Do the images work, and is admin accessible, after you back out your changes? Or could other changes be affecting you? Do you have hotlink protection enabled on your images? If so, were you careful to whitelist your site? Do you have any .htaccess entries affecting your admin directory, such as password protection? Maybe your password protection is incorrectly specified for your particular server -- do you have any sort of control panel that does that for you (cPanel, etc.) or are you totally on your own? Anyway, comment out everything, then add things back in one at a time to see what is causing the problem. Link to comment Share on other sites More sharing options...
hughm Posted July 24, 2015 Author Share Posted July 24, 2015 Thanks Phil. Yes, if I comment out the entry in the .htaccess file, and change the global server options back to "AllowOverrides None," it works again. Very strange. It's a bit of a problem as I love oscommerce but I can't really go live with it telling me "security risk" in red! I don't have hotlink protection on images, I didn't know that was a thing. There is no password protection on the admin directory (I was going to add that once I solve this problem). I thought about installing webmin, but I'm a bit loathe to do so as the server can see the Internet and I don't want anyone taking over the webmin. Maybe I will have to pony up for the paid support. I'm trying to start the business on a very limited budget so it would be great to avoid that if poss. I would of course look to contribute to the community further down the line. Thanks again for your thoughts. Hugh Link to comment Share on other sites More sharing options...
MrPhil Posted July 24, 2015 Share Posted July 24, 2015 AFAIK, customers won't see the "security risk" warning. You might try it as a random customer. If only you see it, you can ignore it while you figure out what's going on. Note that you can always put an empty index.html file in that directory to prevent indexing, even if that doesn't shut up the warning. Hotlink protection is a section of .htaccess: RewriteCond NOT coming from these host(s) [you, and trusted other sites], and IS various graphics format file extensions RewriteRule KILL the attempt to access That's the most common reason for being unable to access images, if your own site is not listed in the whitelist. If you have an .htaccess in the images directory(ies) that is invalid, that could also prevent access. If you are trying to manage a full server yourself, but have no experience in the area, I'm afraid you may be in for some tough sledding. You should have started with a shared server, managed by someone experienced, and only after you outgrow it go to VPS/cloud or dedicated. Allowoverides None is telling the server to ignore your .htaccess file(s) (I just looked it up). http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride suggests to me (I haven't tried it) that you want Allowoverides Options, not Index, Give it a try if you haven't already. Image display and admin access shouldn't have anything to do with each other, so it's a puzzle, unless you have multiple problems with your configuration and/or .htaccess file(s). The "internal error" (500 code) message can mean a lot of things, including invalid commands in .htaccess, (e.g., Options -Indexes when you haven't properly permitted Options). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.