"AllowOverride AuthConfig" is required to use the "Require" directive in .htaccess

RESOLVED FIXED in Bugzilla 4.4

Status

()

Bugzilla
Documentation
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Frédéric Buclin, Assigned: Frédéric Buclin)

Tracking

5.0.1
Bugzilla 4.4
Bug Flags:
approval5.0 +
approval4.4 +

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

2 years ago
In bug 1133690 comment 18 and following, several admins reported errors with their Apache configuration:

  .htaccess: Require not allowed here

The reason is that in order to use "Require" in .htaccess, we must whitelist this directive in httpd.conf using "AllowOverride AuthConfig". Admins using Apache 2.2 are not affected, because "Allow" and "Deny" are controlled by "AllowOverride Limit".

I wonder if this also explains why things were going wrong with mod_perl. If yes, this would make our code in .htaccess *much* simpler.
(Assignee)

Comment 1

2 years ago
@dkl: could you test this for me? If you add AuthConfig to the AllowOverride list in httpd.conf and remove all these hacks about mod_perl from .htaccess, does mod_perl still work correctly?
Flags: needinfo?(dkl)
(Assignee)

Comment 2

2 years ago
Created attachment 8686057 [details] [diff] [review]
patch, v1

Apache 2.2 supports 5 directives for AllowOverride: AuthConfig, FileInfo, Indexes, Limit and Options, and we need them all to run Bugzilla, so instead of listing them all, I simply replaced them by "AllowOverride All". Apache 2.4 supports a new Nonfatal directive, which we don't need, but it doesn't hurt to use "All" anyway.
Assignee: documentation → LpSolit
Status: NEW → ASSIGNED
Attachment #8686057 - Flags: review?(gerv)
(Assignee)

Comment 3

2 years ago
Created attachment 8686076 [details] [diff] [review]
patch, v1.1

Must fix mod_perl.pl too.
Attachment #8686057 - Attachment is obsolete: true
Attachment #8686057 - Flags: review?(gerv)
Attachment #8686076 - Flags: review?(gerv)
Attachment #8686076 - Flags: review?(gerv) → review+
(Assignee)

Comment 4

2 years ago
Requesting approval due to changes in mod_perl.pl.
Flags: approval5.0?
Flags: approval4.4?

Updated

2 years ago
Flags: needinfo?(dkl)
Flags: approval5.0?
Flags: approval5.0+
Flags: approval4.4?
Flags: approval4.4+
(Assignee)

Comment 5

2 years ago
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   56d18c6..2363a2c  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   5919408..a42b958  5.0 -> 5.0

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   042a03b..fab04c6  4.4 -> 4.4
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
(Assignee)

Updated

2 years ago
Duplicate of this bug: 1138463

Comment 7

2 years ago
Is there any chance a mention of this could be added to the release notes for 5.0.2 at https://www.bugzilla.org/releases/5.0.2/release-notes.html - I needed to add the “AuthConfig” to the AllowOverride line in my sites-available/bugzilla.conf file to get back to a working installation after following the instructions in the 5.0.2 release notes to rebuild my .htaccess files (which left me with the “Require not allowed” problem mentioned in bug 1133690 comment 27, which I found only by searching, ending at the message https://groups.google.com/d/msg/mozilla.support.bugzilla/haygZT3rZ7Y/jOgdvuEECAAJ , which is a bit of an obscure route to have to follow to get things working again! :) ).
(Assignee)

Comment 8

2 years ago
(In reply to William Gallafent from comment #7)
> Is there any chance a mention of this could be added to the release notes
> for 5.0.2

Note that what 5.0.2 fixes are broken mod_perl installations, because the Apache directives are controlled by our mod_perl.pl script. 5.0.2 doesn't fix anything specifically for other (non mod_perl) installations, so I'm not sure this is a good place for this. This would IMO confuse some admins because we would be mixing instructions for both non mod_perl and mod_perl installations.
At most could a link pointing to http://bugzilla.readthedocs.org/en/5.0/installing/apache.html be added as a reminder.
You need to log in before you can comment on or make changes to this bug.