The forum is here for legacy reasons. No new posts will be created. User registration is disabled! If you have any questions, please email us or check https://www.adultscriptpro.com for more details!
You are not logged in.
Pages: 1
Hey Adrian,
As we discussed via email last week if you recall the problem I had with my new server and it throwing out the "500 Internal Server Error".
Well, just a heads up, the server I have is a brand new quad with the LATEST release of DirectAdmin (as I obviously had to install it from DA). Now DirectAdmin no longer allows FollowSymLinks in the .htacess file so you may encounter the same problem with new customers who have servers running the LATEST release of DirectAdmin. It's a very recent new revision.
From the DirectAdmin site:
"DirectAdmin Support
Administrator
Security - Recommended update to httpd.conf files via custombuild
Hello,
It's been discovered that it's more secure not to allow the FollowSymLinks option in apache. The only way to truly disable that item is to change the AllowOverride settings in the main httpd.conf. Without the change of the AllowOverride, anyone could simply re-enable in an .htaccess file.
The catch with this change, is that any sites that currently have:
:Options FollowSymLinks
will throw an 500 Internal Server Error. The apache error log entry would look like:
[Thu Dec 08 03:25:56 2011] [alert] [client 1.2.3.4] /home/username/domains/domain.com/public_html/.htaccess: Option FollowSymLinks not allowed here
which would signify that the .htaccess has the FollowSymLinks option, which is no longer allowed to be used.
Since this change as the potential to break existing sites, we will not enable it for existing installs. However, new installs will have this option enabled.
The option is in the custombuild options.conf and is
secure_htaccess=yes
which, when set and you run
./build update
./build set secure_htaccess yes
./build rewrite_confs
you'll end up with a httpd-directories.conf symbolic link in /etc/httpd/conf/extra/httpd-directories-new.conf. When set to "no", it will link to httpd-directories-old.conf, which contain the old method of setting up the AllowOverride for the <Directory ..>
Versions entry:
http://www.directadmin.com/features.php?id=1119
FollowSymLinks is insecure.
SymLinksIfOwnerMatch is much better.
You said that I must of done something to the server settings but it's a default now in the new revision of DirectAdmin, just thought I'd let you know for any future customers of yours encountering the same issues. ;)
Pete.
Last edited by Pikeypete (2012-01-06 07:38:57)
Offline
To fix this issue with the new revision of DirectAdmin (As taken off the DA site):
What this patch does, is allows Users to use everything as it was before, including the FollowSymLinks option.
However, the functionality of FollowSymLinks is no longer the insecure type as it was before.
The new functionality of FollowSymLinks with this patch will simply duplicate the functionality of the more secure SymLinksIfOwnerMatch.
This will allow the secure_htaccess option to be set to "no" (old httpd config setup), but still solve the linking issue with regards to security.Once testing is under the belt for this patch, we'll set secure_htaccess=no as the default, and harden-symlinks-patch=yes as the default.
To use it:
cd /usr/local/directadmin/custombuild
./build update
./build set harden-symlinks-patch yes
./build set secure_htaccess no
./build apache
./build rewrite_confs
Some cases, ./build apache will delete modules from /usr/lib/apache... so if that happens, you'll also need to do:
./build php n
and for any other missing modules.
Pete.
Last edited by Pikeypete (2012-01-06 08:37:33)
Offline
Does this fix the problem? Is your site working correctly now?
Adult Scripts: Adult Script Pro - Adult Search Script
Adult Advertising/Traffic: Plug Rush - EXOClick - PopAds
Offline
It was supposed to and it seemed to for a while but now it hasn't.
It's due to the new DirectAdmin security restrictions on FollowSymLinks, it's pissing me off. I tried to comment out the FollowSymLinks and even the mod_rewrite which again gives me the 500 error.
If you have the time maybe you could take a look..? You have all of my server details.. I sent you a couple of emails recently, also requesting the latest release ASP.
It's just frustrating as it's not an error that I've caused, it's a new restriction from the new revision of DirectAdmin.
Thanks Adrian.
Last edited by Pikeypete (2012-01-06 16:39:45)
Offline
Can you please drop me a email with ssh root access again please? (we're going to have a client area at some point, and all this email password stuff will be gone, i apologise for the inconvenience).
Adult Scripts: Adult Script Pro - Adult Search Script
Adult Advertising/Traffic: Plug Rush - EXOClick - PopAds
Offline
It should be working now.
Adult Scripts: Adult Script Pro - Adult Search Script
Adult Advertising/Traffic: Plug Rush - EXOClick - PopAds
Offline
Pages: 1