.htaccess: Replace "SetEnv HTTP_MOD_REWRITE On" with "RewriteRule .* - [E=HTTP_MOD_REWRITE:On]"?

Taitava · 29 May 2019 13:19

Silverstripe Version: 4.3

Question:

Hi,

I just deployed a website to a new service provider which apparently does not have Apache’s mod_env enabled. This caused an issue with the .htaccess file which uses a command SetEnv HTTP_MOD_REWRITE On. This command caused an error message saying public/.htaccess: Invalid command 'SetEnv', perhaps misspelled or defined by a module not included in the server configuration

The service provider suggested me to remove that line and use this one instead: RewriteRule .* - [E=HTTP_MOD_REWRITE:On]. Since we are already using mod_rewrite in the section where the environment variable is supposed to be set, could this be the official way to do this?

If you think that this would be a good idea, I can create an issue in GitHub and also a pull request.

And here is a complete .htaccess file with both the normal way to set the environment variable and the suggested new way to do it:

### SILVERSTRIPE START ###
# Deny access to templates (but allow from localhost)
<Files *.ss>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Files>

# Deny access to IIS configuration
<Files web.config>
    Order deny,allow
    Deny from all
</Files>

# Deny access to YAML configuration files which might include sensitive information
<Files ~ "\.ya?ml$">
    Order allow,deny
    Deny from all
</Files>

# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_rewrite.c>

    # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
    <IfModule mod_dir.c>
        DirectoryIndex disabled
        DirectorySlash On
    </IfModule>

    # OLD WAY TO SET THE VARIABLE:
    SetEnv HTTP_MOD_REWRITE On
    RewriteEngine On
   # NEW WAY TO SET THE VARIABLE: (Note that this must become after the "RewriteEngine On" line!)
    RewriteRule .* - [E=HTTP_MOD_REWRITE:On]
    RewriteBase '/public'

    

    # Deny access to potentially sensitive files and folders
    RewriteRule ^vendor(/|$) - [F,L,NC]
    RewriteRule ^\.env - [F,L,NC]
    RewriteRule silverstripe-cache(/|$) - [F,L,NC]
    RewriteRule composer\.(json|lock) - [F,L,NC]
    RewriteRule (error|silverstripe|debug)\.log - [F,L,NC]

    # Process through SilverStripe if no file with the requested name exists.
    # Pass through the original path as a query parameter, and retain the existing parameters.
    # Try finding framework in the vendor folder first
    RewriteCond %{REQUEST_URI} ^(.*)$
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule .* index.php
</IfModule>
### SILVERSTRIPE END ###

horneczki.gabor · 25 July 2023 17:33

It works well for 4.12, thank you!
For 5.0 remains the 500 error, without detailed server failure description.