1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Allow/Deny Directives No Longer Work

Discussion in 'Plesk for Linux - 8.x and Older' started by StvnT, Jan 7, 2011.

  1. StvnT

    StvnT New Pleskian

    15
    85%
    Joined:
    Jan 6, 2011
    Messages:
    9
    Likes Received:
    0
    Has anyone encountered anything like this before?

    We're running Plesk 8.1.1 on two servers and recently they both started ignoring Allow/Deny directives in vhost.conf and .htaccess files. This appears to be server-wide on both machines.
    Apache reports no errors and the rest of the settings contained in the vhost.conf and .htaccess files run fine. All other modules seem to be working fine.
    We experimented and tested domains that were known to be working correctly as well as with newly created domains but aren't able to get Allow/Deny to work at all.

    Nothing had changed in our configurations prior to the issue so we're not sure why working systems would have suddenly stopped.
    mod_authz_host is configured in the httpd.conf to load and shows up when running httpd -t -D DUMP_MODULES.

    Both of our affected servers are running Plesk 8.1.1. Maybe a bug?

    Mac Mini
    Fedora Core 5
    Plesk 8.1.1
    Apache 2.2
     
  2. StvnT

    StvnT New Pleskian

    15
    85%
    Joined:
    Jan 6, 2011
    Messages:
    9
    Likes Received:
    0
    Anyone????
     
  3. Jllynch

    Jllynch Regular Pleskian

    28
     
    Joined:
    Nov 11, 2003
    Messages:
    242
    Likes Received:
    0
    We are having the same issue. Anyone know what is going on?
     
  4. Jllynch

    Jllynch Regular Pleskian

    28
     
    Joined:
    Nov 11, 2003
    Messages:
    242
    Likes Received:
    0
    StvnT are you able to post the part of your .htaccess file that does this?
     
  5. StvnT

    StvnT New Pleskian

    15
    85%
    Joined:
    Jan 6, 2011
    Messages:
    9
    Likes Received:
    0
    Thanks for replying Jllynch and sorry you're having a similar issue.

    Our vhost.conf and .htaccess are pretty simple:

    .htaccess:
    order deny,allow
    deny from all

    vhost.conf:
    <Directory /var/www/vhosts/example.com/httpdocs/>
    order deny,allow
    deny from all
    </Directory>
     
  6. StvnT

    StvnT New Pleskian

    15
    85%
    Joined:
    Jan 6, 2011
    Messages:
    9
    Likes Received:
    0
    We've also noticed that .htaccess files can be directly access even though they are specifically denied in our apache config:

    <Files ~ "~\.ht">
    Order allow,deny
    Deny from all
    </Files>

    So, http://www.example.com/.htaccess would load the .htaccess file even though it should be blocked.

    We've reached out and purchased Plesk support but have apparently entered a support black hole. We got a confirmation of payment but no instructions on submitting a ticket, no support ID (so we can't submit a ticket https://www.parallels.com/support/plesk/form/), our phone calls have been bounced around without ever reaching a support person, and our Parallels Plesk rep isn't able to help. We're concerned about the security implications this means and my hope is that maybe a mod or someone who can get the ball rolling can help us get us the support we've paid for...
     
  7. Jllynch

    Jllynch Regular Pleskian

    28
     
    Joined:
    Nov 11, 2003
    Messages:
    242
    Likes Received:
    0
    Yep I can verify that .htaccess files are also being displayed as plain text, instead of getting a 403 forbiden request.
     
  8. Jllynch

    Jllynch Regular Pleskian

    28
     
    Joined:
    Nov 11, 2003
    Messages:
    242
    Likes Received:
    0
    Are you using Sitebuilder on the site at all? Is it sitebuilder related?

    Any update there at all?
     
    Last edited: Jan 25, 2011
Loading...