Sorry, that second .htaccess file below was the incorrect file, here is the correct .htaccess apache was having a problem with...
# @copyright Copyright 2003-2010 Zen Cart Development Team # @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0 # @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $ # # This is used with Apache WebServers # # The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions # It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled. # Will also prevent people from seeing what is in the dir. and any sub-directories # # For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file. # Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified. # Example: #<Directory "/usr/local/apache/htdocs"> # AllowOverride Limit Options Indexes #</Directory> ############################### DirectoryIndex index.php # prevents inappropriate browsing <FilesMatch ".*\..*"> Order Allow,Deny Deny from all </FilesMatch> <FilesMatch "(^$|^favicon.ico$|.*\.(php|js|css|jpg|gif|png|html)$)"> Order Allow,Deny Allow from all </FilesMatch> IndexIgnore */* # Older versions of the mod_security extension in apache may cause "406" errors to appear during installation. # If you are running into such problems, simply remove the # from the beginning of the following lines: #SecFilterEngine off #SecFilterScanPOST Off ~ ~ ~ ~ ~ --- On Fri, 9/3/10, J Wilson <troyinfor...@yahoo.com> wrote: > From: J Wilson <troyinfor...@yahoo.com> > Subject: Re: Re: Re: [us...@httpd] 500 internal server error running php > application > To: users@httpd.apache.org > Date: Friday, September 3, 2010, 12:08 PM > There are two .htaccess. They > are both included in Zen-Cart, these are the .htaccess files > that the apache error logs seem to be having a problem with > - this is a newer version of Zen Cart, I don't remember them > being in the older versions I am currently running: > > > > > # @copyright Copyright 2003-2010 Zen Cart Development Team > # @license http://www.zen-cart.com/license/2_0.txt GNU Public > License V2.0 > # @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte > $ > # > # This is used with Apache WebServers > # > # The following blocks direct HTTP requests to all > filetypes in this directory recursively, except certain > approved exceptions > # It also prevents the ability of any scripts to run. No > type of script, be it PHP, PERL or whatever, can normally be > executed if ExecCGI is disabled. > # Will also prevent people from seeing what is in the dir. > and any sub-directories > # > # For this to work, you must include either 'All' or at > least: 'Limit' and 'Indexes' parameters to the AllowOverride > configuration in your apache/conf/httpd.conf file. > # Additionally, if you want the added protection offered by > the OPTIONS directive below, you'll need to add 'Options' to > the AllowOverride list, if 'All' is not specified. > # Example: > #<Directory "/usr/local/apache/htdocs"> > # AllowOverride Limit Options Indexes > #</Directory> > ############################### > > # deny *everything* > <FilesMatch ".*"> > Order Allow,Deny > Deny from all > </FilesMatch> > > # but now allow just *certain* necessary files: > <FilesMatch > ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF)$"> > Order Allow,Deny > Allow from all > </FilesMatch> > > IndexIgnore */* > > > ## NOTE: If you want even greater security to prevent > hackers from running scripts in this folder, uncomment the > following line (if your hosting company will allow you to > use OPTIONS): > # OPTIONS -Indexes -ExecCGI > ~ > ~ > > > > And the second .htaccess: > > # > # @copyright Copyright 2003-2010 Zen Cart Development Team > # @license http://www.zen-cart.com/license/2_0.txt GNU Public > License V2.0 > # @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte > $ > # > # This is used with Apache WebServers > # > # The following blocks direct HTTP requests to all > filetypes in this directory recursively, except certain > approved exceptions > # It also prevents the ability of any scripts to run. No > type of script, be it PHP, PERL or whatever, can normally be > executed if ExecCGI is disabled. > # Will also prevent people from seeing what is in the dir. > and any sub-directories > # > # For this to work, you must include either 'All' or at > least: 'Limit' and 'Indexes' parameters to the AllowOverride > configuration in your apache/conf/httpd.conf file. > # Additionally, if you want the added protection offered by > the OPTIONS directive below, you'll need to add 'Options' to > the AllowOverride list, if 'All' is not specified. > # Example: > #<Directory "/usr/local/apache/htdocs"> > # AllowOverride Limit Options Indexes > #</Directory> > ############################### > > # deny *everything* > <FilesMatch ".*"> > Order Allow,Deny > Deny from all > </FilesMatch> > > # but now allow just *certain* necessary files: > <FilesMatch ".*\.(js|css|jpg|JPG|gif|GIF|png|PNG)$"> > Order Allow,Deny > Allow from all > </FilesMatch> > > IndexIgnore */* > ~ > ~ > ~ > ~ > ~ > > > --- On Fri, 9/3/10, ja...@nixsecurity.org > <ja...@nixsecurity.org> > wrote: > > > From: ja...@nixsecurity.org > <ja...@nixsecurity.org> > > Subject: Re: Re: Re: [us...@httpd] 500 internal server > error running php application > > To: users@httpd.apache.org > > Date: Friday, September 3, 2010, 11:49 AM > > > > Could you possibly paste the contents of the > .htaccess > > file? > > > > >---- Original Message ---- > > >From: J Wilson <troyinfor...@yahoo.com> > > >To: users@httpd.apache.org > > >Sent: Fri, Sep 3, 2010, 11:47 AM > > >Subject: Re: Re: [us...@httpd] 500 internal > server > > error running php application > > > > > >Error Log: > > > > > >/home/webdir/www/catalog/includes/.htaccess: order > not > > allowed here, referer: http://www.mydomain.com/catalog/ > > > > > >[Fri Sep 03 11:34:34 2010] [alert] [client > > ip.add.re.ss] > /home/webdir/www/catalog/zc_install/.htaccess: > > DirectoryIndex not allowed here, referer: http://www.mydomain.com/catalog/ > > > > > > > > > > > > > > >--- On Fri, 9/3/10, ja...@nixsecurity.org > > <ja...@nixsecurity.org> > > wrote: > > > > > >> From: ja...@nixsecurity.org > > <ja...@nixsecurity.org> > > >> Subject: Re: Re: [us...@httpd] 500 internal > server > > error running php application > > >> To: users@httpd.apache.org > > >> Date: Friday, September 3, 2010, 9:39 AM > > >> I'd also take a look at the Apache > > >> error_log to see if there's any indication > evident > > there. > > >> Keep in mind that if the PHP code suppresses > error > > reporting > > >> (by prefixing expressions with the @ > character) > > then nothing > > >> will be reported. > > >> > > >> >---- Original Message ---- > > >> >From: Eric Covener <cove...@gmail.com> > > >> >To: users@httpd.apache.org > > >> >Sent: Fri, Sep 3, 2010, 9:35 AM > > >> >Subject: Re: [us...@httpd] 500 internal > server > > error > > >> running php application > > >> > > > >> >On Fri, Sep 3, 2010 at 9:31 AM, chris h > <chris...@gmail.com> > > >> wrote: > > >> >> Does a failed PHP script not show > > a PHP error as > > >> well as send a 500 response > > >> >> code? > > >> >> > > >> > > > >> ><fajita> White Screen Of Death, one > of > > PHP's > > >> specialties. It is > > >> >produced when an error has occurred in a > PHP > > script and > > >> the error > > >> > > > >> reporting goes either to the > > >> error log or to > > >> >nowhere. To solve it, look for the error > > reporting > > >> settings in php.ini > > >> >(or use > > >> > > > >> ini_set()). Also check the > > >> error log (see step > > >> >one). Further questions MUST GO TO > ##PHP. > > >> > > > >> > > > >> >-- > > >> >Eric Covener > > >> >cove...@gmail.com > > >> > > > >> > > > >--------------------------------------------------------------------- > > >> >The official User-To-User support forum > of the > > Apache > > >> HTTP Server Project. > > >> >See <URL:http://httpd.apache.org/userslist.html> for more > > >> info. > > >> >To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > >> > " from the digest: > > >> users-digest-unsubscr...@httpd.apache.org > > >> >For additional commands, e-mail: users-h...@httpd.apache.org > > >> > > >> > > >> > > > --------------------------------------------------------------------- > > >> The official User-To-User support forum of > the > > Apache HTTP > > >> Server Project. > > >> See <URL:http://httpd.apache.org/userslist.html> for more > > >> info. > > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > >> " from the digest: users-digest-unsubscr...@httpd.apache.org > > >> For additional commands, e-mail: users-h...@httpd.apache.org > > >> > > >> > > > > > > > > > > > > > > > > > > >--------------------------------------------------------------------- > > >The official User-To-User support forum of the > Apache > > HTTP Server Project. > > >See <URL:http://httpd.apache.org/userslist.html> for more > > info. > > >To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > > " from the digest: > > users-digest-unsubscr...@httpd.apache.org > > >For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache > HTTP > > Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more > > info. > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > " from the digest: users-digest-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more > info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
