Closed Bug 1223790 Opened 9 years ago Closed 9 years ago

"AllowOverride AuthConfig" is required to use the "Require" directive in .htaccess


(Bugzilla :: Documentation, defect)

Not set



Bugzilla 4.4


(Reporter: LpSolit, Assigned: LpSolit)




(1 file, 1 obsolete file)

In bug 1133690 comment 18 and following, several admins reported errors with their Apache configuration:

  .htaccess: Require not allowed here

The reason is that in order to use "Require" in .htaccess, we must whitelist this directive in httpd.conf using "AllowOverride AuthConfig". Admins using Apache 2.2 are not affected, because "Allow" and "Deny" are controlled by "AllowOverride Limit".

I wonder if this also explains why things were going wrong with mod_perl. If yes, this would make our code in .htaccess *much* simpler.
@dkl: could you test this for me? If you add AuthConfig to the AllowOverride list in httpd.conf and remove all these hacks about mod_perl from .htaccess, does mod_perl still work correctly?
Flags: needinfo?(dkl)
Attached patch patch, v1 (obsolete) — Splinter Review
Apache 2.2 supports 5 directives for AllowOverride: AuthConfig, FileInfo, Indexes, Limit and Options, and we need them all to run Bugzilla, so instead of listing them all, I simply replaced them by "AllowOverride All". Apache 2.4 supports a new Nonfatal directive, which we don't need, but it doesn't hurt to use "All" anyway.
Assignee: documentation → LpSolit
Attachment #8686057 - Flags: review?(gerv)
Attached patch patch, v1.1Splinter Review
Must fix too.
Attachment #8686057 - Attachment is obsolete: true
Attachment #8686057 - Flags: review?(gerv)
Attachment #8686076 - Flags: review?(gerv)
Attachment #8686076 - Flags: review?(gerv) → review+
Requesting approval due to changes in
Flags: approval5.0?
Flags: approval4.4?
Flags: needinfo?(dkl)
Flags: approval5.0?
Flags: approval5.0+
Flags: approval4.4?
Flags: approval4.4+
To ssh://
   56d18c6..2363a2c  master -> master

To ssh://
   5919408..a42b958  5.0 -> 5.0

To ssh://
   042a03b..fab04c6  4.4 -> 4.4
Closed: 9 years ago
Resolution: --- → FIXED
Is there any chance a mention of this could be added to the release notes for 5.0.2 at - I needed to add the “AuthConfig” to the AllowOverride line in my sites-available/bugzilla.conf file to get back to a working installation after following the instructions in the 5.0.2 release notes to rebuild my .htaccess files (which left me with the “Require not allowed” problem mentioned in bug 1133690 comment 27, which I found only by searching, ending at the message , which is a bit of an obscure route to have to follow to get things working again! :) ).
(In reply to William Gallafent from comment #7)
> Is there any chance a mention of this could be added to the release notes
> for 5.0.2

Note that what 5.0.2 fixes are broken mod_perl installations, because the Apache directives are controlled by our script. 5.0.2 doesn't fix anything specifically for other (non mod_perl) installations, so I'm not sure this is a good place for this. This would IMO confuse some admins because we would be mixing instructions for both non mod_perl and mod_perl installations.
At most could a link pointing to be added as a reminder.
You need to log in before you can comment on or make changes to this bug.