.htaccess problems

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

.htaccess problems

Gervase Markham
Hi everyone,

What do we do about the mess that is .htaccess files?

Way back when, it was decided that we should autogenerate these rather
than just ship them, because some of them lived in directories which
were also auto-created rather than shipped.
https://bugzilla.mozilla.org/show_bug.cgi?id=76154

Now we have a problem because they need to be upgraded due to an Apache
permissions syntax change, otherwise things stop working with a
hard-to-diagnose error when someone upgrades their Apache (or moves an
installation from one machine to another, or upgrades their OS, or
something else).

Ideally, we would do this automatically. However, it's not easy, for a
number of reasons. Firstly, we don't ship the files in our repo. And we
can't move to doing so because AIUI, any "git pull" which contained
.htaccess files, run on a current Bugzilla, would die with a "you have
files in the way" problem. Secondly, the user may have edited the
.htaccess files, perhaps because their access control setup is complex.

My proposal is to get checksetup.pl to check the Apache version and
whether the person is using mod_perl and if so, which version, and any
other variables which might be relevant. If their .htaccess files are
unchanged and they are using the wrong permissions syntax, replace the
files with the right ones. If they have changed the files and are using
the wrong permissions syntax, output a warning so they can fix it
themselves.

Does that sound OK?

LpSolit doesn't like this idea because it requires checksetup.pl to know
all the previous standard contents of .htaccess files, so it knows if
they have been changed or not. That's only one set of contents now, but
I suppose it could be more later.

Gerv

_______________________________________________
dev-apps-bugzilla mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-bugzilla
-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=lists+s6506n84121h51@...>
Reply | Threaded
Open this post in threaded view
|

Re: .htaccess problems

Jochen Wiedmann
On Tue, Aug 18, 2015 at 7:01 PM, Gervase Markham <[hidden email]> wrote:

> My proposal is to get checksetup.pl to check the Apache version and
> whether the person is using mod_perl and if so, which version, and any
> other variables which might be relevant.

How do you propose to do that? Also keep in mind, that there are still
other HTTP servers out there.

Jochen

--
Any world that can produce the Taj Mahal, William Shakespeare,
and Stripe toothpaste can't be all bad. (C.R. MacNamara, One Two Three)
-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=lists+s6506n84121h51@...>
Reply | Threaded
Open this post in threaded view
|

Re: .htaccess problems

Gervase Markham
On 19/08/15 06:30, Jochen Wiedmann wrote:
>> My proposal is to get checksetup.pl to check the Apache version and
>> whether the person is using mod_perl and if so, which version, and any
>> other variables which might be relevant.
>
> How do you propose to do that? Also keep in mind, that there are still
> other HTTP servers out there.

So .htaccess is a cross-server standard? Have they all agreed to this
change in syntax for defining how access control works, then?

We don't seem to have had issues with our .htaccess files not being
cross-server compatible in the past.

Gerv

-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=lists+s6506n84121h51@...>
Reply | Threaded
Open this post in threaded view
|

Re: .htaccess problems

Jochen Wiedmann
On Wed, Aug 19, 2015 at 10:27 AM, Gervase Markham <[hidden email]> wrote:
>
> So .htaccess is a cross-server standard? Have they all agreed to this
> change in syntax for defining how access control works, then?

My point is, that detecting the httpd version should include something
like "Not Apache at all", in which case generation of .htaccess files
ought to be suppressed at all.

Jochen

--
Any world that can produce the Taj Mahal, William Shakespeare,
and Stripe toothpaste can't be all bad. (C.R. MacNamara, One Two Three)
-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=lists+s6506n84121h51@...>
Reply | Threaded
Open this post in threaded view
|

Re: .htaccess problems

Gervase Markham
On 19/08/15 11:41, Jochen Wiedmann wrote:
> My point is, that detecting the httpd version should include something
> like "Not Apache at all", in which case generation of .htaccess files
> ought to be suppressed at all.

That sounds like a much larger issue than this one. Bugzilla's .htaccess
files have assumed Apache syntax (that's what the definition is - see
https://en.wikipedia.org/wiki/.htaccess#Format ) and I see no reason why
they shouldn't continue to do so.

Gerv

-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=lists+s6506n84121h51@...>
Reply | Threaded
Open this post in threaded view
|

Re: .htaccess problems

Frédéric Buclin
In reply to this post by Jochen Wiedmann
Le 19. 08. 15 12:41, Jochen Wiedmann a écrit :
> My point is, that detecting the httpd version should include something
> like "Not Apache at all", in which case generation of .htaccess files
> ought to be suppressed at all.

If you don't use Apache, you can already disable the creation of
.htaccess from localconfig. Just set $create_htaccess = 0.


LpSolit

-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=lists+s6506n84121h51@...>