SOLVED Apache 2.4 deny from all blocks only css and js files

Ardelean Vlad

Member
Oct 27, 2017
5
1
3
Romania
cPanel Access Level
Root Administrator
I`m using Apache 2.4 and cPanel v66.0.26 and I noticed that the deny from all directive is not working correctly anymore, it blocks only the css and js files, the website is displayed but without the design files.

The problems seems to appear after some cPanel updates (a few month ago it worked correctly), but I`m not sure from which version the problem appeared.

I also noticed that if I use in my .htaccess file only the directive "deny from all" it works, but if I use after that some rewrite rules the site is showing up without loading the css and js files.

Is this an Apache configuration problem?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

Could you let us know the full contents of the .htaccess file?

Thank you.
 

Ardelean Vlad

Member
Oct 27, 2017
5
1
3
Romania
cPanel Access Level
Root Administrator
Hello,

this is the full content of the .htaccess file :


deny from all

Options -Indexes

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php71” package as the default “PHP” programming language.
<IfModule mime_module>
AddType application/x-httpd-ea-php71 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(testfolder.*$|index\.php$) - [L]
###redirect all php files to index.php
RewriteRule ^([^.]+).php$ /index.php [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
</IfModule>

The problem appears for other account too, I can copy the .htaccess file from it too if you want.

Thank you!
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
For Apache 2.4, you could try:
Code:
Require all denied

Access control
In 2.2, access control based on client hostname, IP address, and other characteristics of client requests was done using the directives Order, Allow, Deny, and Satisfy.

In 2.4, such access control is done in the same way as other authorization checks, using the new module mod_authz_host. The old access control idioms should be replaced by the new authentication mechanisms, although for compatibility with old configurations, the new module mod_access_compat is provided.

Mixing old and new directives
Mixing old directives like Order, Allow or Deny with new ones like Require is technically possible but discouraged. mod_access_compat was created to support configurations containing only old directives to facilitate the 2.4 upgrade. Please check the examples below to get a better idea about issues that might arise.

Here are some examples of old and new ways to do the same access control.

In this example, there is no authentication and all requests are denied.

2.2 configuration:
Order deny,allow
Deny from all
2.4 configuration:
Require all denied
Full details from https://httpd.apache.org/docs/trunk/upgrading.html
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hi,

Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.
 

Ardelean Vlad

Member
Oct 27, 2017
5
1
3
Romania
cPanel Access Level
Root Administrator
Hello,

the problem was solved by the cPanel support. Apparently the server couldn't find the 403 error page so the rewrite rule in the .htaccess "picks up" the request and attempts to process it.
The solution was to use a rule for the error page like :
ErrorDocument 403 "403 Error"

in my .htaccess file, or to set the default error pages like I did now from WHM -> Service Configuration -> Apache Configuration -> Pre VirtualHost Include.
 
  • Like
Reactions: cPanelMichael