Closed Bug 1223790 Opened 9 years ago Closed 9 years ago

"AllowOverride AuthConfig" is required to use the "Require" directive in .htaccess

Categories

(Bugzilla :: Documentation, defect)

5.0.1
defect
Not set
normal

Tracking

()

RESOLVED FIXED
Bugzilla 4.4

People

(Reporter: LpSolit, Assigned: LpSolit)

References

Details

Attachments

(1 file, 1 obsolete file)

In bug 1133690 comment 18 and following, several admins reported errors with their Apache configuration: .htaccess: Require not allowed here The reason is that in order to use "Require" in .htaccess, we must whitelist this directive in httpd.conf using "AllowOverride AuthConfig". Admins using Apache 2.2 are not affected, because "Allow" and "Deny" are controlled by "AllowOverride Limit". I wonder if this also explains why things were going wrong with mod_perl. If yes, this would make our code in .htaccess *much* simpler.
@dkl: could you test this for me? If you add AuthConfig to the AllowOverride list in httpd.conf and remove all these hacks about mod_perl from .htaccess, does mod_perl still work correctly?
Flags: needinfo?(dkl)
Attached patch patch, v1 (obsolete) — Splinter Review
Apache 2.2 supports 5 directives for AllowOverride: AuthConfig, FileInfo, Indexes, Limit and Options, and we need them all to run Bugzilla, so instead of listing them all, I simply replaced them by "AllowOverride All". Apache 2.4 supports a new Nonfatal directive, which we don't need, but it doesn't hurt to use "All" anyway.
Assignee: documentation → LpSolit
Status: NEW → ASSIGNED
Attachment #8686057 - Flags: review?(gerv)
Attached patch patch, v1.1Splinter Review
Must fix mod_perl.pl too.
Attachment #8686057 - Attachment is obsolete: true
Attachment #8686057 - Flags: review?(gerv)
Attachment #8686076 - Flags: review?(gerv)
Attachment #8686076 - Flags: review?(gerv) → review+
Requesting approval due to changes in mod_perl.pl.
Flags: approval5.0?
Flags: approval4.4?
Flags: needinfo?(dkl)
Flags: approval5.0?
Flags: approval5.0+
Flags: approval4.4?
Flags: approval4.4+
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 56d18c6..2363a2c master -> master To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 5919408..a42b958 5.0 -> 5.0 To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 042a03b..fab04c6 4.4 -> 4.4
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Is there any chance a mention of this could be added to the release notes for 5.0.2 at https://www.bugzilla.org/releases/5.0.2/release-notes.html - I needed to add the “AuthConfig” to the AllowOverride line in my sites-available/bugzilla.conf file to get back to a working installation after following the instructions in the 5.0.2 release notes to rebuild my .htaccess files (which left me with the “Require not allowed” problem mentioned in bug 1133690 comment 27, which I found only by searching, ending at the message https://groups.google.com/d/msg/mozilla.support.bugzilla/haygZT3rZ7Y/jOgdvuEECAAJ , which is a bit of an obscure route to have to follow to get things working again! :) ).
(In reply to William Gallafent from comment #7) > Is there any chance a mention of this could be added to the release notes > for 5.0.2 Note that what 5.0.2 fixes are broken mod_perl installations, because the Apache directives are controlled by our mod_perl.pl script. 5.0.2 doesn't fix anything specifically for other (non mod_perl) installations, so I'm not sure this is a good place for this. This would IMO confuse some admins because we would be mixing instructions for both non mod_perl and mod_perl installations. At most could a link pointing to http://bugzilla.readthedocs.org/en/5.0/installing/apache.html be added as a reminder.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: