View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003355||OXID eShop (all versions)||6. ------ Setup -------||public||2011-11-06 10:54||2015-09-10 15:25|
|Priority||urgent||Severity||block||Reproducibility||have not tried|
|Product Version||4.5.4 revision 39463|
|Target Version||Fixed in Version|
|Summary||0003355: mod_rewrite vs. .htaccess|
|Description||Please check again the issue from https://bugs.oxid-esales.com/view.php?id=1353 as it seems to be back in actual version.|
See thread here:
|Tags||No tags attached.|
The problem is:
if you protect the shop folder using auth via .htaccess the setup screen complains about missing mod_rewrite (and won't let the user continue the setup process)!
This is incorrect because the method checkModRewrite() in oxsysrequirements.php sends a POST-request against oxseo.php and checks if the response has the string "mod_rewrite_on" in it.
While the requests runs against the authentification it doens't have that string. Nevertheless mod_rewrite might be present.
Best solution: check returned http status code to identify required auth, let the user input the username and password and request again using auth.
5 minute fast solution: add a text output to installation screen, telling the user that he has to disable any authentification while running the setup.
another fast solution without modifying giant amount of code would be a tiny redirect-rule for this test. something like "mod_rewrite_check.php?passed=false" that is rewritten with a tiny rule to "mod_rewrite_check.php?passed=true", maybe this can be used for the whole test.
at setup-process it can be the first step that is tested/redirected ... if its not redirected there is no mod_rewrite.
another method would be an additional way to detect:
>>another fast solution without modifying giant amount of code would be a tiny redirect-rule for this test. something like "mod_rewrite_check.php?passed=false" that is rewritten with a tiny rule to "mod_rewrite_check.php?passed=true", maybe this can be used for the whole test.
This wouldn't change anything if your shop folder is protected via .htaccess, see my description above. Oxid is doing it this way and that is the cause of the problem.
>>another method would be an additional way to detect:
This check only works for Apache. Some people don't run Oxid on Apache but e.g on Nginx. I don't think this is a good idea. ;)
The best solution at this time is just to add.:
Deny from All
Allow from localhost #hostname where the shop is
In this scenario all the request from the same server (localhost) will IGNORE
the Authentification and allow for mod_rewrite to change the request.
Added a comment to the beggining of the .htaccess file of how to correctly
Re-opened this bug.
As this has been a discussion and an issue for a while, please talk to me. Maybe next week in Freiburg should be a good chance ;)
maybe i was misinterpreted, i'll try to explain it later (i ment a redirect to the check-page, because if rewrite is active a parameter is set, otherwise not)
In some future versions it's planned to rebuild the setup in general and improve some parts, including the system requirements check and this case also.
So until then this entry is suspended (we have reference to that inserted in out internal backlog).
Thanks for your feedback.