.htaccess "Options not allowed here" - apache

I have this in my .htaccess:
Options +FollowSymLinks
And I get the following error in the apache error_log:
.htaccess: Options not allowed here
Here's the part from my httpd.conf file:
#htdocs symlinks here
<Directory /Users/you/code/my/folder>
Options All
AllowOverride All
</Directory>
<Directory />
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory "/Applications/XAMPP/xamppfiles/htdocs">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>
So I'm setting Options All and AllowOverride All everywhere, but STILL I'm not allowed to set the option. Can anyone make sense of this?
Thanks,
MrB

Note that this is a XAMPP-specific issue. XAMPP loads some additional configuration files located in XAMPP/etc/extra/ that override httpd.conf. For me the offending file is http-userdir.conf which applies rules for ~user requests and contains the line AllowOverride FileInfo AuthConfig Limit Indexes and changing that line to AllowOverride All did indeed solve my issue.
This only applies to files served from your /Sites/ directory on OS X. I don't know if the Windows version uses UserDir at all or even has a similar rule.

in my case I end up with change the line AllowOverride AuthConfig FileInfo to AllowOverride All in file httpd-vhosts.conf where this file is located in apache\conf\extra folder

You have to allow overrides for "Options" within directory context. there's no need to:
vhost/directory config:
AllowOverride All
But only to permit overrides for 'Options':
AllowOverride {Existing options to override} +Options

I guess there is a global AllowOverride setting in your apache config which disallows this. Can you grep for AllowOverride in your httpd.conf?

I just installed the most recent version of XAMPP and thought to share how I solved the same problem.
This is a XAMPP specific setting (with every new XAMPP install). The most recent up to date XAMPP as of today - XAMPP 1.8.3 have a setting in /xampp/apache/conf/extra/httpd-xampp.conf that's causing your "Server Error" message.
And then you get the following error in your error log:
.htaccess: Options not allowed here
Open /xampp/apache/conf/extra/httpd-xampp.conf and find:
<Directory "/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
and change
AllowOverride AuthConfig
with
AllowOverride All
No authentication or authorization will be required after the change UNLESS you specify it in your httpd.conf, extra confs or in .htaccess.
You may also want to read the Apache documentation for the option AllowOverride http://httpd.apache.org/docs/current/en/mod/core.html#allowoverride and choose more optimal and secure setting that will allow you to use your .htaccess without causing a server error.
Also keep in mind that you can find a better place to rewrite the rule above depending on the results that you'd like to achieve. In my case this is a satisfactory change.

instead of changing the global AllowOverride settings in your main httpd.conf file, if you have a httpd-vhosts.conf file you would want to put directory specific AllowOverride All directives in each host entry that you need it in, so you can keep a restrictive set on the rest of the server realm.

Change Options +FollowSymLinks into Options +SymLinksIfOwnerMatch in all instances of .htaccess file, the followsymlinks has been disabled on many server due to security risk.

On Debian 9 i edited the file /etc/apache2/mods-available/userdir.conf
Disabled this line
AllowOverride FileInfo AuthConfig Limit Indexes
Added this line
Allowoverride All
And it worked fine.
Many thanks to all who contributed

Does the server your domain is hosted on fulfills all requirements needed for Elgg? Especially, is mod_rewrite available?
Re-check all steps you had done.
If mod_rewrite is working... Do you have access to the configuration (http.conf) of Apache on your server? If yes, add the following lines (adjust the path):
AllowOverride All

Related

htaccess to disable directory browsing in Apache/2.4.10 (Debian) doesn't work

I create a .htaccess file with this content: (in the folder of the site)
#Disable directory indexes
Options -Indexes
But I still see the directories in the browser.
And in apache2.conf I rewrite this:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
What did I do wrong?
If that didn't work and you got no error then it looks like .htaccess files are not enabled on your server. You'll need something like AllowOverride All in the server config that controls this area of the filesystem.
At the very least you would need the following to permit just that one directive.
AllowOverride Options=Indexes

Apache : Directory index forbidden by Options directive:/srv/www/htdocs/testFolder

Saw duplicate questions and solutions, does not seem to solve the below problem
I am trying to allow access to a folder through apache, and the /var/log/apache2/ throws the above error.
My httpd.conf is
# forbid access to the entire filesystem by default
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
I tried with Options +Indexes, Options All which doesnt seem to work. Tried to change permissions of the folder too. Added a dummy index.html in the folder as well
The folder is located at /srv/www/htdocs/testFolder.
Any ideas?
had to add files explicitly the files in the conf file
<Directory /srv/www/htdocs/HDP-UTILS-1.1.0.20>
Options +Indexes
</Directory>
<Directory /srv/www/htdocs/HDP>
Options +Indexes
</Directory>
I resolved a similar where Apache was throwing 403 error while trying to access the index.html file the issue was resolved by creating a index.hmtl in /srv/www/htdocs directory.
url: http://localhost:80/
The Suse Apache didn't create a index.html file by default don't know why.
Change your config to
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
After that create an .htaccess file in your folder and add
Options +Indexes
to it. You probably need to reload your apache.

Laravel 4 - Options not allowed here in the .htaccess

I have installed Laravel 4 on my public_html folder locally, and I can access its public folder when declaring a vhost pointing to it, through the vhost url.
But, when I try to access Laravel public folder through its parent folders, I get an error in apache logs (error_log): $LARAVEL_HOME/public/.htaccess: Options not allowed here. Even if there is a AllowOverride All in $VHOST_CONF/site.
The first line in the .htaccess (Options Multiviews), is causing this error when I delete it, or put it in $VHOST_CONF/site, it works.
So, How do I do to I access through the hierarchy, without modifying the .htaccess file?
In the Apache configuration file for the website set AllowOverride to AllowOverride All similar to the following:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
# changed from None to All
AllowOverride All
Order allow,deny
allow from all
</Directory>

Disable directory listing on apache; but access to individual files should be allowed

I do not want to use .htaccess. How should I change my Directory attributes?
<VirtualHost *:80>
ServerName abc.com
DocumentRoot /usr/share/uploads
<Directory " /usr/share/uploads">
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
If you are using Debian/Ubuntu, just go to terminal and type
sudo a2dismod autoindex
sudo service apache2 restart
If you are using Centos/Fedora, just do:
mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.bkp
/etc/init.d/httpd restart
And similarly in other OS or distros...
This should disable the apache module that makes those fancy (normally useless and a security problem) directory listings. Also, as a bonus, you earn a bit of performance :-)
I really couldnt find a direct answer on internet ; even on apache documentation. Finally, could find the solution through few iterations; we need to use Options and the value should NOT contain Indexes.
<Directory "/usr/share/uploads">
Options Includes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
The #Deepak solution did not worked for me. This one did:
In the main apace configuration /etc/apache2/httpd.conf just add:
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
And it will work for all of you domains and subdomains. Without .htaccess file.
All done above, but the directory info is still coming up?
If you use index.php, rather than index.html, Check the following:
<IfModule dir_module>
DirectoryIndex index.php
</IfModule>
on my AWS ec2, i did this and it worked for me.
First open /etc/httpd/conf/httpd.conf file.
modify/add
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
The easiest way would be to put an empty index.html (or whatever you apache is configured to deliver by default) inside that directory.
This is not a real solution but a very simple workaround. The user browsing that directory would just see a blank white page.
Further you could use a script (like index.php) wich emulates the directory-listing and only shows some special files.

Apache loads any file that begins with the same string as used in url. How to prevent this?

If I point to:
mywebsite.com/search
and there is a file called search.php or search.html or search.inc.php or search.whatthehell.php in website's directory, Apache will point to that file instead of 404'ing.
What is even more annoying is that if I point to:
mywebsite.com/search/string?also=whatever
Apache will still display any file with filename that begins with "search.".
Also, all RewriteRules with patterns containing filenames existing in directory are ignored/useless.
I'm using Apache 2 on Mac, unmodified httpd.conf. How do I prevent it from redirecting my urls so freely?
You will have to disable MultiViews option using Options directive. This is a feature of the apache content negotiation module, so if you don't use mod_negotiation you can just unload it.
http://httpd.apache.org/docs/2.0/content-negotiation.html
Example of how to disable MultiViews for the /var/www directory:
<Directory /var/www/>
Options Indexes FollowSymLinks -MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
http://httpd.apache.org/docs/2.0/mod/mod_negotiation.html#multiviews