Author Topic: .htaccess: Option All not allowed here  (Read 24195 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
.htaccess: Option All not allowed here
« on: October 23, 2019, 02:47:40 PM »
Hi team I have the following error :

[Wed Oct 23 06:11:49.020391 2019] [core:alert] [pid 23127:tid 140028793538304] [client 34.245.146.101:40398] /home/mibiolin/public_html/mibiolink.cf/.htaccess: Option All not allowed here
[Wed Oct 23 06:11:49.151827 2019] [core:alert] [pid 23127:tid 140028991878912] [client 34.245.146.101:40400] /home/mibiolin/public_html/mibiolink.cf/.htaccess: Option All not allowed here

this is the htaccess file:

Options All -Indexes

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule ^(.+)$ index.php?altum=$1 [QSA,L]

Offline
*
Re: .htaccess: Option All not allowed here
« Reply #1 on: October 24, 2019, 12:01:17 AM »
replace
Options All -Indexes

with
Options -Indexes
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: .htaccess: Option All not allowed here
« Reply #2 on: March 04, 2022, 04:56:56 PM »
replace
Options All -Indexes

with
Options -Indexes
hi @studio4host
I've tried this but still error. I have fixed Permissions , I have rebuilt the web server (web server domainconf menu) but there is still 500 Internal Server Error.
the error is the sub domain not the main domain
this is the content
Code: [Select]
#   BULLETPROOF PRO 16.3.1 SECURE .HTACCESS         

# PHP/PHP.INI HANDLER/CACHE CODE
# Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
# Most Hosts do not have/use/require php/php.ini Handler htaccess code

# TURN OFF YOUR SERVER SIGNATURE
# Suppresses the footer line server version number and ServerName of the serving virtual host
ServerSignature Off

# DO NOT SHOW DIRECTORY LISTING
# Disallow mod_autoindex from displaying a directory listing
# If a 500 Internal Server Error occurs when activating Root BulletProof Mode
# copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
# and paste it into BPS Custom Code and comment out Options -Indexes
# by adding a # sign in front of it.
# Example: #Options -Indexes
Options -Indexes

# DIRECTORY INDEX FORCE INDEX.PHP
# Use index.php as default directory index file. index.html will be ignored.
# If a 500 Internal Server Error occurs when activating Root BulletProof Mode
# copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
# and paste it into BPS Custom Code and comment out DirectoryIndex
# by adding a # sign in front of it.
# Example: #DirectoryIndex index.php index.html /index.php
DirectoryIndex index.php index.html /index.php

# BRUTE FORCE LOGIN PAGE PROTECTION
# PLACEHOLDER ONLY
# Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
# See this link: https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
# for more information.

# BPS PRO ERROR LOGGING AND TRACKING
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# BPS Pro has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
# 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors
# that occur on your website. When a hacker attempts to hack your website the hackers IP address,
# Host name, Request Method, Referering link, the file name or requested resource, the user agent
# of the hacker and the query string used in the hack attempt are logged.
# All BPS Pro log files are htaccess protected so that only you can view them.
# The 400.php, 403.php, 404.php, 405.php and 410.php files are located in /wp-content/plugins/bulletproof-security/
# The 400, 403, 405 and 410 Error logging files are already set up and will automatically start logging errors
# after you install BPS Pro and have activated BulletProof Mode for your Root folder.
# If you would like to log 404 errors you will need to copy the logging code in the BPS Pro 404.php file
# to your Theme's 404.php template file. Simple instructions are included in the BPS Pro 404.php file.
# You can open the BPS Pro 404.php file using the WP Plugins Editor or by using the BPS Pro File Manager.
# NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php Theme template file.

ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
ErrorDocument 401 default
ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
ErrorDocument 404 /404.php
ErrorDocument 405 /wp-content/plugins/bulletproof-security/405.php
ErrorDocument 410 /wp-content/plugins/bulletproof-security/410.php

# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$

# WP-ADMIN/INCLUDES
# Use BPS Custom Code to remove this code permanently.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]

# WP REWRITE LOOP START
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

# PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES
# To add plugin/theme skip/bypass rules use BPS Custom Code.
# The [S] flag is used to skip following rules. Skip rule [S=12] will skip 12 following RewriteRules.
# The skip rules MUST be in descending consecutive number order: 12, 11, 10, 9...
# If you delete a skip rule, change the other skip rule numbers accordingly.
# Examples: If RewriteRule [S=5] is deleted than change [S=6] to
offline visit : GMaps sedudohost

Offline
***
Re: .htaccess: Option All not allowed here
« Reply #3 on: March 05, 2022, 08:47:56 PM »
Any news on whether or not you got it fixed?

I have some comments for your htaccess file.
- It's filled with junk # notes that will slow every apache request because it has to read this file every time.
- "ServerSignature Off" should be put in the top of the /usr/local/apache/conf/httpd.conf file.
- "Options -Indexes" is not needed because it's already enabled on the default vhost apache configuration for your domain, unless you changed it.
- Same with "DirectoryIndex index.php index.html /index.php"

Either way, your htaccess file should look like this after removing 70 lines of junk code and comments slowing down every apache request:
Code: [Select]
ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
ErrorDocument 404 /404.php
ErrorDocument 405 /wp-content/plugins/bulletproof-security/405.php
ErrorDocument 410 /wp-content/plugins/bulletproof-security/410.php
# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$
# WP-ADMIN/INCLUDES
# Use BPS Custom Code to remove this code permanently.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]
# WP REWRITE LOOP START
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
# REQUEST METHODS FILTERED
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

But it seems like you have a wordpress plugin controlling your htaccess file, so those junk lines may get re-added.
« Last Edit: March 05, 2022, 08:50:42 PM by iraqiboy90 »

Offline
*
Re: .htaccess: Option All not allowed here
« Reply #4 on: March 06, 2022, 04:12:39 AM »
these codes are created directly by the wordpress plugin "BPS pro".
thank you, now it has been solved, by removing the following code
Code: [Select]
#   BULLETPROOF PRO 16.3.1 SECURE .HTACCESS         

# PHP/PHP.INI HANDLER/CACHE CODE
# Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
# Most Hosts do not have/use/require php/php.ini Handler htaccess code

# TURN OFF YOUR SERVER SIGNATURE
# Suppresses the footer line server version number and ServerName of the serving virtual host
ServerSignature Off

# DO NOT SHOW DIRECTORY LISTING
# Disallow mod_autoindex from displaying a directory listing
# If a 500 Internal Server Error occurs when activating Root BulletProof Mode
# copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
# and paste it into BPS Custom Code and comment out Options -Indexes
# by adding a # sign in front of it.
# Example: #Options -Indexes
Options -Indexes

# DIRECTORY INDEX FORCE INDEX.PHP
# Use index.php as default directory index file. index.html will be ignored.
# If a 500 Internal Server Error occurs when activating Root BulletProof Mode
# copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
# and paste it into BPS Custom Code and comment out DirectoryIndex
# by adding a # sign in front of it.
# Example: #DirectoryIndex index.php index.html /index.php
DirectoryIndex index.php index.html /index.php
offline visit : GMaps sedudohost