@towerlexa opened this issue on December 19th 2016

After upgrading to Piwik 3.0.0 I had the following issues:

[Mon Dec 19 07:44:46 2016] [alert] [client 88.71.80.126] /data/<docroot>**/piwik/libs/.htaccess: AddHandler not allowed here**, referer: https://piwik.domain.de/index.php?module=CoreUpdater&action=newVersionAvailable

and the next one:

[Mon Dec 19 07:48:42 2016] [alert] [client 88.71.80.126] /data/<docroot>**/piwik/plugins/.htaccess: Options not allowed here**, referer: https://piwik.domain.de/index.php?module=MultiSites&action=index&idSite=1&period=day&date=today

I have Debian Wheezy and an Apache

Server version: Apache/2.2.22 (Debian)
Server built:   Jul 20 2016 05:07:11

As figured out from another one (https://forum.piwik.org/t/internal-server-error-after-upgrade-to-3-0/22163), the issue is gone when I comment out the Options line.

/piwik/plugins/.htaccess:

<IfModule !mod_version.c>
        <IfModule !mod_authz_core.c>
                Order Allow,Deny
                Allow from All
        </IfModule>
        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
</IfModule>
</Files>
**#Options -Indexes**

The AddHandler issue I couldn't solve at this point!

/piwik/libs/.htaccess:

# Serve HTML files as text/html mime type - Note: requires mod_mime apache module!
<IfModule mod_mime.c>
**   AddHandler text/html .html **
**   AddHandler text/html .htm **
</IfModule>

Thank you all very much for your great job with piwik! Kind regards, Axel

@Chriz1083 commented on December 19th 2016

Hi! Same problem here after upgrade to Piwik 3.0.0! If I comment out the "Option -Indexes" line in some .htaccess files, it works.

But after that, there are still more problems.

Problem User Country Plugin PHP Error: PHP Fatal error: Cannot redeclare class Piwik\Plugins\UserCountry\LocationProvider\DefaultProvider in [...]/piwik/plugins/UserCountry/LocationProvider/Default.php on line 0

And:

If I want to open the page "Administration > System > Geolocation" I get a 500 error (Internal Server Error).

If I try to open the site "Administration > Systemcheck", I also get a 500 error message.

@johsin18 commented on December 19th 2016

Same problem here. Deleting the line helps, but I fear that I would have to do it for every update. Directory indexes are switched off by default anyway by my provider.

This problem certainly depends on the web server configuration, but my influence on the provider about the config is limited (HostEurope WebPack 4 here).

@mattab commented on December 25th 2016

Hello @johsin18 @Chriz1083 @towerlexa

I'd like to help solve the Option -Indexes issues. Unfortunately after searching for 10min I couldn't find why it's not working, or rather I couldn't find how to make it work.

Could you please try the following:
- in your htaccess where you removed Option -Indexes
- re-add this with the following format:

<IfModule mod_version.c>
Option -Indexes
</IfModule>

-> Do you get the error back, or is Piwik working the same as when you removed this line originally?

@towerlexa commented on December 27th 2016

@mattab , Hi Matthieu thanks for your answer.

I've tried it on my server, but unfortunately it doesn't work!

**/piwik/libs/.htaccess**

<IfModule !mod_version.c>
        <IfModule !mod_authz_core.c>
                Order Allow,Deny
                Allow from All
        </IfModule>
        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
</IfModule>
</Files>
#Options -Indexes
<IfModule mod_version.c>
   Options -Indexes
</IfModule>

=> Your hint with "Option" is wrong. The parameter should be "Options"

I will try to investigate too... but I'm not really sure if I'm able to help. Kind regards, Axel

@mattab commented on December 27th 2016

If you find the solution of how we could safely call Options -Indexes please let me know. For now we've removed it again from the htaccess (will be in 3.0.1)

@towerlexa commented on December 27th 2016

@mattab ,

Thank you very much for your answer. I'm currently not sure why the setting is in the vhost definition of my Apache server. I had to allow the Options setting there.

[...]
        <Directory />
               Options FollowSymLinks
                # Piwik Issue https://github.com/piwik/piwik/issues/11040#issuecomment-269140850
                # adding the "Options" to AllowOverride
               **AllowOverride AuthConfig Limit Options**
[...]

Maybe it is worth giving a hint in the update guide to check that AllowOverride [...] Options is allowed, so that you could set this within the .htaccess files.

Additionally, I would like to wish that a general vhost setting and securing guide will be written. I think most people do their own settings there. Depending on every person or admin, of course, the settings will be different.

Maybe this could be added to the Piwik securing guide: http://piwik.org/docs/how-to-secure-piwik/

For my second issue (please see above ---- /piwik/libs/.htaccess: AddHandler not allowed here --- ) I will investigate too.

kind regards, Axel

@towerlexa commented on December 27th 2016

@mattab ,

Now a little bit more regarding the issue with "AddHandler not allowed here"

[Mon Dec 19 07:44:46 2016] [alert] [client 88.71.80.126] /data/<docroot>**/piwik/libs/.htaccess: AddHandler not allowed here**, referer: https://piwik.domain.de/index.php?module=CoreUpdater&action=newVersionAvailable

If I have a look at the following documentation: http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler

I have to add the FileInfo setting to my vhost-configuration!

                # Piwik Issue https://github.com/piwik/piwik/issues/11040#issuecomment-269140850
                # adding the "Options" to AllowOverride
               AllowOverride AuthConfig Limit Options FileInfo

In my opinion, if all users who had this problem add the following "Options" and "FileInfo" to the vhost configuration, that should solve the issue also for the future!

AllowOverride AuthConfig Limit **Options FileInfo**

By the way, why is it absolutely necessary to have the following AddHandler statements in the "/piwik/libs/.htaccess" file?

# Serve HTML files as text/html mime type - Note: requires mod_mime apache module!
<IfModule mod_mime.c>
   AddHandler text/html .html
   AddHandler text/html .htm
</IfModule>

Are you really sure, that you need it?

Kind regards, Axel

@towerlexa commented on December 27th 2016

Additionally, I saw just now that I've already added the AddHandler statement to my vhost configuration:

    <DirectoryMatch "^/data/apache/piwik/(libs|config|core|lang|tmp|vendor)">
            Options FollowSymLinks
            AllowOverride Options FileInfo
            Order Allow,Deny
            deny from all
            # Serve HTML files as text/html mime type
            **AddHandler text/html .html**
            **AddHandler text/html .htm**

But I'm not sure for which reason I've already configured this! Maybe because of the recommendations from the Securing Piwik settings?

Regards, Axel

@johsin18 commented on December 29th 2016

So guarding it with

<IfModule mod_version.c>

does not help.

I think the problem is that Options is just not included in my provider's AllowOverride configuration. Apache complains and responds 500, even though Piwik's .htaccess would not even change the value; AFAIK directory indexes are already switched off by default.

I have only very limited access to the Apache configuration, I cannot change the AllowOverride configuration for Apache. So I would prefer that Piwik only shows a warning instead of trying to disable indexes by itself. Otherwise I cannot run an unpatched Piwik on my webspace anymore.

So thanks for removing the line, I don't see another option in my case, at least.
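
The failure mode discussed in this thread, as an added example that is not part of the original comments or of Piwik's code: a small checker that lists the `.htaccess` directives Apache would refuse ("not allowed here", answered with a 500) under a given `AllowOverride` value. The function names, the sample file and the starting value `AuthConfig Limit` are assumptions; the directive-to-class mapping follows the "Override" field in the Apache httpd documentation.

```python
# Override class each directive needs (Apache docs, "Override:" field).
# Only directives that appear in this thread are listed.
REQUIRED_OVERRIDE = {
    "options": "Options",
    "addhandler": "FileInfo",
    "order": "Limit",
    "allow": "Limit",
    "deny": "Limit",
    "require": "AuthConfig",
}

def parse_allow_override(value):
    """Turn an AllowOverride argument string into a set of allowed classes."""
    classes = {c.lower() for c in value.split()}
    if "all" in classes:
        return {"options", "fileinfo", "limit", "authconfig", "indexes"}
    if "none" in classes:
        return set()
    return {c.split("=", 1)[0] for c in classes}  # Options=Indexes -> options

def rejected_directives(htaccess_text, allow_override):
    """Return (line_no, directive, missing_class) for lines Apache would refuse."""
    allowed = parse_allow_override(allow_override)
    problems = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments and section containers. An <IfModule> guard only
        # tests module presence; it does not bypass the AllowOverride check.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        directive = line.split()[0]
        needed = REQUIRED_OVERRIDE.get(directive.lower())
        if needed and needed.lower() not in allowed:
            problems.append((line_no, directive, needed))
    return problems

# Constructed sample modelled on the snippets quoted in the thread.
SAMPLE_HTACCESS = """\
<IfModule mod_version.c>
   Options -Indexes
</IfModule>
<IfModule mod_mime.c>
   AddHandler text/html .html
</IfModule>
"""

if __name__ == "__main__":
    for override in ("AuthConfig Limit", "AuthConfig Limit Options FileInfo"):
        print(override, "->", rejected_directives(SAMPLE_HTACCESS, override))
```

Running the check against each shipped `.htaccess` before an upgrade shows which override classes the vhost must grant, so they can be granted for the Piwik directories only rather than on `<Directory />`.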

This issue was closed on December 27th 2016