just installed 1.5 final to my live site and got this
Apache .htaccess Support = OFF should I take it up with my host
just installed 1.5 final to my live site and got this
Apache .htaccess Support = OFF should I take it up with my host
What ever your doing remember to KISS ( Keep It Simple Stupid )
Yes, you need to talk to them ASAP.
Please do not PM for support issues: a private solution doesn't benefit the community.
Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.
Just got this from my web host
Thanks for contacting us.
.htaccess support is enabled by default on our systems, looking in your webspace you have one already there that is extensively used.
Do you know how zen cart detects this as it is enabled?
Any ideas why I got the warning?
What ever your doing remember to KISS ( Keep It Simple Stupid )
Zen Cart is looking to see whether the .htaccess files are properly protecting against unauthorized access of files which the .htaccess should be blocking. And if it's able to gain access to those files despite the presence of .htaccess then it raises that warning.
See the Apache section of this article: https://www.zen-cart.com/tutorials/i...hp?article=287
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Heres the reply I've got from my hosting company
Thanks for your reply.
Unfortunately this does not explain how ZenCart itself performs the check on whether Apache .htaccess Support is enabled.
Sadly what you will need to do is contact the ZenCart support in order to find out why the Zen Cart fails this test.
What you may find is that the Zen Cart test is calling the Domain Name from within the hosting, which creates a loopback call which sadly is not permitted by our Firewalls, which would block the test resulting in a fail. Unfortunately if this is the issue, this is something that we cannot enable as it will be detrimental to the shared hosting platform.
I can confirm that all of our servers have .htaccess Support enabled, so its likely down to the Zen Cart itself, which would really need input from their support.
What ever your doing remember to KISS ( Keep It Simple Stupid )
Yes, it's doing a call back to your own store, via CURL, to attempt to access a file that the .htaccess rules should have blocked. It's looking for a response that indicates that the file access has been blocked. It is expecting to NOT receive an HTTP 200 OK response.
If your host's firewall is blocking things, then it would trigger something other than a 200 response, which then Zen Cart would treat as correct.
So, your host's loopback explanation still doesn't make sense, unless their loopback system is incorrectly responding with an HTTP 200 response instead of an actual ERROR response. Perhaps your host should look at how they serve up their error messages.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Their reply:-
Unfortunately our firewalls block any kind of loopback and when it does, it does not provide any kind of response, the check itself will not be able to run as it would be instantly blocked.
I have spoken to our Systems Administrators and they inform me that if there is a way to bypass this check then ZenCart will run without any issues.
Are you able to bypass this check?
Don't like the sound of this.
What ever your doing remember to KISS ( Keep It Simple Stupid )
You normally access your site like this: 'http://your_domain.com/your_store_foldername_if_any/index.php .... right?
If you try to visit 'http://your_domain.com/your_store_foldername_if_any/includes/functions/functions_general.php .... what happens?
That's basically what zc_install is doing, and is expecting to get a 403-forbidden or similar response other than "200 OK".
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Bookmarks