Support

Admin Tools

#30282 AllowOveride all -OR- AllowOverride AuthConfig mod_rewrite

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 25 October 2018 17:17 CDT

arthurjohnston
I am the Administrator of the Server.
Will the features installed by .HTACCESS maker work when using " AllowOverride AuthConfig mod_rewrite" rather than "AllowOverride All"?

Thank you,

Arthur

Arthur Johnston

nicholas
Akeeba Staff
Manager
No. In fact, even Joomla's own .htaccess won't work with that. Please read the Apache documentation about AllowOverride to understand why.

At the very least you will need to add FileInfo to enable URL redirection used to provide Joomla's SEF URLs and the basic protection (Frontend and Backend protection rules). If you want to use the custom index option in the .htaccess Maker you need to add Indexes. If you want to use blocking of user agents you need to add Limit and possibly AuthConfig, depending on your server version. If you want to apply optimization (caching, compression) and advanced security rules (anything which adds or manipulates HTTP protocol headers) or anything else I have not listed here you need All or you need to go through the generated directives and put everything that's blocked in a custom AllowOverrideList directive in your Apache configuration's Directory statement.

Of course you can sidestep this issue by not using .htaccess. This is better for performance and security but a pain in the posterior when you need to make small changes. Use the .htaccess Maker normally but do NOT generate an .htaccess. Instead, preview it. All of these directives can be placed inside the virtual host (vhost) configuration file of your Apache installation. If I recall correctly all of them can go into the Directory directive inside your vhost configuration. Since they are inside the actual Apache configuration they only need to be read and parsed once, when you (re)start Apache or reload its configuration. This makes things substantially faster for processing requests. The downside is that updating these directives requires editing the Apache configuration and reloading or restarting Apache when you're done.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

arthurjohnston
Nicholas, as always you have been very helpful.

It appears I cannot avoid using "AllowOverride All". But I will move my directives to a file read by the Vhost configuration.

Thank you,

Arthur



Arthur Johnston

nicholas
Akeeba Staff
Manager
If you are using the host configuration instead of .htaccess you can set AllowOverride AuthConfig

Remember, AllowOverride is only controlling what .htaccess can do. Inside the vhost confit you can do everything, the permission is implicit there.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!