CODEWITHSUNDEEP
apache.htaccessdrupal-7
naomi
naomi

Reputation: 1984

"Require not allowed here" after drupal update

Just upgraded Drupal to 7.55 and got a 500 error. Opened up logs/error.log and saw this appearing since the upgrade:

<site-root>/.htaccess: Require not allowed here

I see that the update has replaced this: 

<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
        Order allow,deny
    </FilesMatch>

With this:

<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
  </IfModule>
</FilesMatch>

I've changed it back and now it seems OK, but what is the problem here?

Upvotes: 2

Views: 7015

Answers (2)

whatever
whatever

Reputation: 434

"Require" is a type of AuthConfig directives. You need to specify, in httpd.conf, that type of directives is allowed in .htaccess.

<Directory DIRECTORY>
    ...
    AllowOverride AuthConfig
</Directory>

Here DIRECTORY is the directory where .htaccess is located.

See https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride

Upvotes: 1

C3roe
C3roe

Reputation: 96417

.htaccess: Require not allowed here

Your server configuration must allow that you use that directive in .htaccess

http://httpd.apache.org/docs/2.2/mod/core.html#require says,

Override: AuthConfig

and that means AllowOverride needs to include AuthConfig or be set to All, for you to be able to use the Require directive in .htaccess context.

Upvotes: 4

Related Questions