Support

Admin Tools

#38808 Htaccess Maker - Issues with CloudAccess hosting environment

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4.2.9
PHP version
8.0.28
Admin Tools version
7.3.2

Latest post by karjoco on Tuesday, 23 April 2024 12:24 CDT

Thursday, 30 March 2023 13:37 CDT

karjoco

I have a ton of Joomla sites on CloudAccess, and I've had issues using the "Htaccess Maker" in Akeeba Admin Tools. This is frustrating, as I would really, really like to be able to use it, and all its features. Let's focus on one site, and see if we can resolve the problem: https://brokenarrowcreede.com

Before ever touching the Htaccess Maker, I receive the following message inside of Admin Tools: "Your server config file may need to be rebuilt. Admin Tools detected that your server configuration file (ie .htaccess, nginx.conf or web.config) has been modified. We strongly suggest you to put any manual edit inside the Custom rules fields, so you won't lose them if you ever regenerate the file using Admin Tools"
IF I hit "Regenerate" at this point, my site goes down (500 error).
IF I go into the htaccess maker, disable all options, and create a new htaccess file, my site goes down (500 error).

I've attached the three files for your reference.
Htaccess.txt is the file that works; the other two throw 500 errors)

When I submitted a support ticket to CloudAccess, this is what they told me:

"I tested both htaccess files and they both had the same issue - the "Invalid command '<If ', perhaps misspelled or defined by a module not included in the server configuration". I have commented out these settings (I had to comment out everything that had <If in it) and the site is now working, specifically on the Regenerate version of the file"

Is there a setting within AdminTools or the Htacess Maker that I can use to fix this problem? Any ideas?

Kara

Thursday, 30 March 2023 13:39 CDT

karjoco

Note, the system didn't allow me to attach the htaccess files. Please let me know if you need them. Here is an example of the section that won't work on CloudAcces's server:

 

##### Always allow TinyMCE plugin files to load scripts (they need to)
<If "%{REQUEST_URI} =~ m#^/media/plg_editors_tinymce/js/plugins/#">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>
</If>
##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- BEGIN
<If "%{REQUEST_URI} == '/administrator/components/com_akeeba/restore.php'">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>
</If>
<If "%{REQUEST_URI} == '/administrator/components/com_akeebabackup/restore.php'">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>

Friday, 31 March 2023 01:18 CDT

nicholas

The If directive (they are called “directives”, not “commands”) IS NOT invalid. As a proof, I am going to link to the official Apache documentation and the official Apache blog.

The If directive was introduced in Apache 2.4.0 which was released on February 21st, 2012, more than eleven (11) years ago.

The previous version of Apache, 2.2, became End of Life on July 11th, 2017, five years and 8 months ago.

While CentOS was the last Linux distribution to patch Apache 2.2 in their Long Term Support release, RedHat discontinued CentOS in December 2020, taking effect in March 2021. Therefore, there has been no secure incarnation of Apache 2.2 for at least two years.

This is why we dropped support for Apache 2.2. Nobody in their right mind would use it on production.

If your host claims that the <If> directive is invalid it means that they are using a version of Apache which is out of date for at least 5 years and 8 months, it has major vulnerabilities, and is not suitable for production use OR they are using a different web server which is incompatible with Apache (which is weird, because the only other Apache-compatible server I know of is LiteSpeed which does support the If directive, as I know from using it on some of my live sites including my blog) but they are selling their hosting as such. In the former case I would advise changing hosts for obvious security issues. In the latter case I would advise changing hosts because an incompatible server stack just causes problems.

I think you need to escalate your ticket and see if they really do use an out of date version of Apache.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 31 March 2023 05:34 CDT

nicholas

I remembered that CloudAccess.net is also the provider of the free demo sites at joomla.com. I created a site there and could reproduce the issue.

The problem is not exactly what the support tech told you.

CloudAccess does use Apache 2.4, therefore the If directive. However, either because it's an old version or because it's a modified version it does not support the m (match) operator in front of the first fence character of regular expressions. We can't remove that because that would break newer servers.

Thankfully, Apache 2.4 still supports the older methods we used for conditionally applying HTTP headers on Apache 2.0 and 2.2 (using SetEnvIf). I rewrote the .htaccess code to use these older methods and I have confirmed it works just fine on CloudAccess.net.

Please download and install the latest dev release from https://www.akeeba.com/download/admin-tools-professional/7-3-3-dev202303311030-revc371056f.html. It is the same thing as version 7.3.2 released yesterday, plus the workaround I described above. You should be able to create a .htaccess file with it without much trouble.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 23 April 2024 12:24 CDT

karjoco

Do you know if the Htaccess Maker works better on Cloudaccess now? Any tips to making it work properly?

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!