DokuWiki

IMPORTANT!

This is the old issue tracking system for DokuWiki. Issues cannot be added here anymore. Please refer to https://github.com/splitbrain/dokuwiki/issues for the new system.


FS#2750 - .htaccess: Satisfy not allowed here

Attached to Project: DokuWiki
Opened by Ivan Adzhubey (bamyasi) - Tuesday, 19 March 2013, 00:37 GMT
Last edited by Andreas Gohr (andi) - Friday, 19 April 2013, 08:53 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Operating System: All
Severity: High
Priority: Normal
Reported Version: rc2013-03-06 "Weatherwax"
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

I have installed DW rc2013-03-06 under Apache2 v2.2.22 server. After enabling .htaccess processing in the server configuration, I am receiving "Server Error 500" messages and the following alerts in the Apache logs:

[Mon Mar 18 20:21:01 2013] [alert] [client xxx.xxx.xxx.xxx] /var/www/html/doki/data/.htaccess: Satisfy not allowed here

The offending directive is the following line found in all .htaccess files distributed:

$ cat .htaccess
<...>
<Files ~ "^([\._]ht|README$|VERSION$|COPYING$)">
Order allow,deny
Deny from all
Satisfy All <--- !!!! WRONG DIRECTIVE
</Files>

Removing "Satisfy All" line from the <Files> section fixes it.

Closed by Andreas Gohr (andi) - Friday, 19 April 2013, 08:53 GMT
Reason for closing: Fixed
Additional comments about closing: 8e06db68

Comment by Anika Henke (ach) - Tuesday, 19 March 2013, 10:38 GMT
This seems to be a server misconfiguration. Googling found you need to add "AuthConfig" to the "AllowOverride" directive.

Comment by Ivan Adzhubey (bamyasi) - Tuesday, 19 March 2013, 15:26 GMT
Yes, I figured this out after searching DokuWiki Wiki. However, the main Security article linked from the Installation page, Step 2 does not include this directive:

Deny Directory Access in Apache
<...>
Default for AllowOverride in the <Directory /var/www/> is none, should be Limit. If you want to allow rewrites, add 'FileInfo' as well. See http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride for more information.

So it talks only about adding Limit & (optionally) FileInfo directives.

There are two other pages on the Wiki mentioning the AuthConfig directive, but they are not linked from the main Installation instructions and need to be searched manually.

Also, the question is: why do we need "Satisfy all" at all? This is the default mode for Apache2.

Comment by Andreas Gohr (andi) - Friday, 19 April 2013, 08:49 GMT
http://serverfault.com/questions/136247/what-does-the-apache-satisfy-directive-do agrees that Satisfy All is not needed as long as there are no Allow rules anyway
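
The mismatch discussed in this thread, as an added example that is not part of the original report or of DokuWiki's code: a small Python check that maps each directive in a .htaccess file to the AllowOverride class it needs on Apache 2.2 and reports what a given AllowOverride value would do. The function name, the status labels and the directive table (limited to a few common directives) are assumptions made for the illustration.

```python
# Override class a directive needs when it appears in .htaccess (Apache 2.2).
# Assumption: table limited to a few common directives for this illustration.
NEEDED = {
    "order": "Limit", "allow": "Limit", "deny": "Limit",
    "satisfy": "AuthConfig", "require": "AuthConfig",
    "authtype": "AuthConfig", "authname": "AuthConfig",
    "rewriteengine": "FileInfo", "rewritebase": "FileInfo",
    "rewritecond": "FileInfo", "rewriterule": "FileInfo",
    "options": "Options",
}

# Constructed sample: the <Files> block quoted in the report, without the marker.
SAMPLE = r"""<Files ~ "^([\._]ht|README$|VERSION$|COPYING$)">
Order allow,deny
Deny from all
Satisfy All
</Files>"""


def check_htaccess(text, allow_override):
    """Return (status, blocked) for a .htaccess body under an AllowOverride value.

    blocked holds (line_no, directive, needed_class) for every directive the
    value does not permit; Apache answers 500 for the directory in that case.
    """
    granted = {tok.split("=")[0].lower() for tok in allow_override.split()}
    if "none" in granted:
        # .htaccess is not read at all: no error, but the Deny rule is not applied.
        return "ignored", []
    blocked = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue  # comments and section containers are not checked here
        name = line.split()[0]
        need = NEEDED.get(name.lower())
        if need and "all" not in granted and need.lower() not in granted:
            blocked.append((line_no, name, need))
    return ("error-500" if blocked else "applied"), blocked


if __name__ == "__main__":
    for value in ("None", "Limit", "Limit FileInfo", "Limit AuthConfig", "All"):
        status, blocked = check_htaccess(SAMPLE, value)
        detail = ", ".join(f"line {n}: {d} needs {c}" for n, d, c in blocked)
        print(f"AllowOverride {value:<17} -> {status} {detail}")
```

With AllowOverride Limit or Limit FileInfo, the values the quoted wiki text mentions, the check flags Satisfy on line 4; adding AuthConfig or removing the Satisfy line clears it.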
