SymLinksIfOwnerMatch in .htaccess throws an error

stevenospam · February 14, 2017, 03:57:47 PM

When I try to access my just upgraded roundcube 1.2.3 I get the message:
.htaccess: Option SymLinksIfOwnerMatch not allowed here

If I comment out the Option SymLinksIfOwnerMatch in .htaccess, I can get to my inbox & addresses without a problem. I've done the upgrade on my test system. I'd like to know if I can safely run without Option SymLinksIfOwnerMatch.

SKaero · February 14, 2017, 06:05:28 PM

Yes its fine to run without that in the .htaccess.

Tron · April 01, 2017, 10:17:52 AM

Hello,

I'd like to hop in on this as I'm getting the same error, but only when I try to use SSL. I recently decided to make my installation a bit more secure. Without SSL, roundcube (latest stable verion) works like a charm. However, when using SSL/https, I get an 500 Internal Server Error (Apache 2.4.10 on Debian Linux).

Uncommenting the Option in .htaccess does not help, I get the same error with the next lines, RewriteEngine, RewriteRule and so on.

Any ideas?

Thanks in Advance!

SKaero · April 01, 2017, 12:42:08 PM

What error do you get in your apache error log?

Tron · April 02, 2017, 05:14:20 AM

These errors (I commented the offending line in .htaccess, so the next error shows the next offending line).

[Sat Apr 01 15:36:55.605682 2017] [core:alert] [pid 19945] [client 127.0.0.1:40590] /var/www/roundcube/.htaccess: Option SymLinksIfOwnerMatch not allowed here
[Sat Apr 01 15:38:00.022637 2017] [core:alert] [pid 19946] [client 127.0.0.1:40592] /var/www/roundcube/.htaccess: RewriteEngine not allowed here
[Sat Apr 01 15:38:02.306824 2017] [core:alert] [pid 19947] [client 127.0.0.1:40594] /var/www/roundcube/.htaccess: RewriteEngine not allowed here
[Sat Apr 01 15:38:29.781513 2017] [core:alert] [pid 19948] [client 127.0.0.1:40596] /var/www/roundcube/.htaccess: RewriteRule not allowed here
[Sat Apr 01 15:38:30.995357 2017] [core:alert] [pid 19949] [client 127.0.0.1:40598] /var/www/roundcube/.htaccess: RewriteRule not allowed here
[Sat Apr 01 15:39:34.732903 2017] [core:alert] [pid 19945] [client 127.0.0.1:40600] /var/www/roundcube/.htaccess: AddType not allowed here

Access was, as you can see, from localhost. I need to add that SSL connections to other pages on the same host work fine.

rm13 · April 06, 2017, 06:15:53 PM

For Debian check your /etc/apache2/conf-enabled/security.conf

And the config file for your secure site. Probably in /etc/apache2/sites-enabled/

It looks like one of those files is preventing the .htaccess file from using those settings. Look for a line like this:

AllowOverride None

And see if it applies to your roundcube install path.

Tron · April 07, 2017, 02:18:18 AM

Thanks for the hints, I'll look into it tonight.

Tron · April 07, 2017, 09:19:29 AM

Ah, obviously "AllowOverrride AuthConfig Limits Options" wasn't enough for Roundcube :-)