500 internal server errors with ANY adjustments to htaccess

[lextech]

v2.2 RC2

 

I want to add the security add ons that are in the security thread stickied to the top of the forum, however no matter how much or how little of the information I add to the htaccess file at /public_html/osCommerce/admin/ any change in the htaccess file at that location throws a 500 internal server error.

 

(1) should I be editing a different htaccess file for the add ons?

(2) aside of putting the info at the bottom of each htaccess file, is there something I am not doing?

(3) I am using text edit on my mac, should be plain editing with no problems? I have dreamweaver if not.

(4) see my htaccess file in stock form below:

 

# $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)
# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers
#<IfModule mod_setenvif.c>
#  <IfDefine SSL>
#    SetEnvIf User-Agent ".*MSIE.*" \
#             nokeepalive ssl-unclean-shutdown \
#             downgrade-1.0 force-response-1.0
#  </IfDefine>
#</IfModule>
# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter
# AcceptPathInfo On
# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)
# php_value session.use_trans_sid 0
# php_value register_globals 1
Options All -Indexes

[MrPhil]

So, any changes you make to a particular .htaccess file is causing 500 Internal Server errors? That means that you're making a mistake in the editing or file transfer, or you're giving invalid commands. For example, many servers don't allow php_value or php_flag -- you have to put those settings in a php.ini file. You'll have to show us exactly what changes you're making, and tell us whether you're editing on the server or downloading to a PC, editing, uploading (with what and in what mode). Also read my sig > FAQs > "500 (Internal Server) Errors". You can always ask your host if certain .htaccess commands are permitted on their server.

[lextech]

Hi there! Thanks. Ok so I have the htacces file above and then I add something from the htaccess protection file in the sticky like this:

 

# $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)
# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers
#<IfModule mod_setenvif.c>
#  <IfDefine SSL>
#    SetEnvIf User-Agent ".*MSIE.*" \
#             nokeepalive ssl-unclean-shutdown \
#             downgrade-1.0 force-response-1.0
#  </IfDefine>
#</IfModule>
# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter
# AcceptPathInfo On
# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)
# php_value session.use_trans_sid 0
# php_value register_globals 1
Options All -Indexes

# Deny domain access to spammers and other scumbags

RewriteEngine on

php_flag register_globals off

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots

Deny from env=block_bad_bots

 

I have just added it to the bottom of the file, and get the error. Did I do it incorrectly?

 

I have done many different scripting exercises and fixes since 2003 when I first started running OSC, but I have never had formal training on htaccess files. I'd like to learn so I can do these security add ons.

 

Not specific to this particular set of commands, any of them from the sticky throw the error.

[MrPhil]

The most likely problem is that your host does not allow php_flag (and php_value) in .htaccess. Ask them. You may have to move the register globals setting to php.ini, if it's needed at all (osC 2.2 RC1 and later don't care if it's on or off). I don't know about the

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots

Deny from env=block_bad_bots

lines. I've never seen it done that way before. You'd better run them by your host's tech support. Not all servers may allow those commands. You might rewrite that into the format of RewriteCond to check the {%USER_AGENT} setting and RewriteRule to fail the request.

[lextech]

The most likely problem is that your host does not allow php_flag (and php_value) in .htaccess. Ask them. You may have to move the register globals setting to php.ini, if it's needed at all (osC 2.2 RC1 and later don't care if it's on or off). I don't know about the

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots

Deny from env=block_bad_bots

lines. I've never seen it done that way before. You'd better run them by your host's tech support. Not all servers may allow those commands. You might rewrite that into the format of RewriteCond to check the {%USER_AGENT} setting and RewriteRule to fail the request.

 

Thank you for your responses :) I found that most of the errors I was getting was due to things not being commented out properly in the htaccess protection file that is in the sticky thread up top. After fixing that the only issue was the php_flag globals line had to be removed for the error to go away. :)

 

Thanks!