SID-01845: php_admin_flag error VPS Host

Status:	Answered	TWiki version:	5.1.4	Perl version:	v5.10.1
Category:	CategoryInstallation	Server OS:	cento os 6	Last update:	7 years ago

Hello,

We have successfully installed and used twiki on a local centos server without any problems. After doing some testing we are migrating to a host to run our twiki. We established a VPS account with servint who has been a very reliable host for us in the past.

During the install process it became apparent that the path to apache config files is different on our VPS account. Usually I would put twiki_httpd_conf in the path /etc/httpd/conf.d/. Our ISP noted the following:

"Apache config file is located in a different place on cPanel servers. We would not recommend copying any of the necessary data to this configuration file, since it can be overwritten during a cPanel upgrade. Instead, you should consider adding the file as an configuration include. This can be done by copying the file to the includes directory (/usr/local/apache/conf/includes/), then applying a custom virtual host entry for the domain through WHM's "Pre VirtualHost Include" editor".

We did the following but when restarting apache we get the following error (PHP is on the sever)

/usr/local/apache/conf/includes/twiki_httpd_conf: Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration.

If we comment out this line in the conf file we can restart apache. # php_admin_flag engine off.

I used the configurator here http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator?dir=%2Fhome%2Fdrvpdinc%2Fpublic_html%2Ftwiki&path=%2Fdo&puburl=%2Fpub&loginmanager=Apache&phpinstalled=PHP4&blockspiders=on&blockpubhtml=on&blocktrashpub=on&secureattachments=yes&errordocument=None&execperl=mod_cgi

Our VSP account has PHP installed but I want this as secure as possible so I don't want PHP to run from the www root. So I selected "Prevent execution of attached files as PHP scripts if PHP is installed".

Since Twiki is mostly perl based is there any reason to run PHP at all. If so any suggestion as to what could cause this error.

-- Bryan Ino - 2013-12-30

Discussion and Answer

PHP definitely should be disabled on a TWiki site. Imagine someone attaching a PHP script and view the attachment to execute it.

You can easily test if PHP is installed by placing a hello world PHP script in the html root.

-- Peter Thoeny - 2013-12-30

Thanks peter. I'll disable PHP. Some tutorials for installing twiki on centos mentioned installing PHP. I wasn't sure if there were any dependencies.

-- Bryan Ino - 2013-12-31

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- Peter Thoeny - 2015-12-03

Guys,

I'm also experiencing the same error.

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2018-10-26 15:27:28 AEDT; 15s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 22226 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 22225 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 22225 (code=exited, status=1/FAILURE)

Oct 26 15:27:28 centos74.master systemd[1]: Starting The Apache HTTP Server...
Oct 26 15:27:28 centos74.master httpd[22225]: AH00526: Syntax error on line 75 of /opt/twiki/conf/twiki.conf:
Oct 26 15:27:28 centos74.master httpd[22225]: Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration
Oct 26 15:27:28 centos74.master systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 26 15:27:28 centos74.master systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 26 15:27:28 centos74.master kill[22226]: kill: cannot find process ""
Oct 26 15:27:28 centos74.master systemd[1]: Failed to start The Apache HTTP Server.
Oct 26 15:27:28 centos74.master systemd[1]: Unit httpd.service entered failed state.
Oct 26 15:27:28 centos74.master systemd[1]: httpd.service failed.

The last line of my cat /etc/httpd/conf/httpd.conf is as below

include "/opt/twiki/conf/twiki.conf"

twiki.conf file is as below

 Autogenerated httpd.conf file for TWiki.
# Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator

# IMPORTANT NOTE: Make sure to enable mod_cgi in the primary apache configuration file.

# We set an environment variable called blockAccess.
#
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
#
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a twiki
#
# Example:
# BrowserMatchNoCase ^SiteSucker blockAccess
# BrowserMatchNoCase ^$ blockAccess

BrowserMatchNoCase ^$ blockAccess

<IfModule mod_perl.c>
    # Mod_perl preloading
    PerlSwitches -T
</IfModule>

# The ScriptAlias defines the bin directory as a directory where CGI
# scripts are allowed.
# The first parameter will be part of the URL to your installation e.g.
# http://example.com/do/view/...
# The second parameter must point to the physical path on your disc.
ScriptAlias /opt/twiki/bin "/opt/twiki/bin"

# The Alias defines a url that points to the twiki pub directory, which
# is the root of file attachments.
Alias /opt/twiki/pub "/opt/twiki/pub"

# This specifies the options on the TWiki scripts directory. The ExecCGI
# and SetHandler tell apache that it contains scripts. "Require all granted"
# lets any IP address access this URL.
<Directory "/opt/twiki/bin">
    AllowOverride None
    Require all granted
    Deny from env=blockAccess

    Options ExecCGI FollowSymLinks
    SetHandler cgi-script

    # Password file for TWiki users
    AuthUserFile /opt/twiki/data/.htpasswd
    AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)'
    AuthType Basic

    # File to return on access control error (e.g. wrong password)
    ErrorDocument 401 /opt/twiki/bin/view/TWiki/TWikiRegistration

</Directory>

# This sets the options on the pub directory, which contains attachments and
# other files like CSS stylesheets and icons. AllowOverride None stops a
# user installing a .htaccess file that overrides these options.
# Note that files in pub are *not* protected by TWiki Access Controls,
# so if you want to control access to files attached to topics you need to
# block access to the specific directories same way as the ApacheConfigGenerator
# blocks access to the pub directory of the Trash web
<Directory "/opt/twiki/pub">
    Options None
    AllowOverride None
    Require all granted
    Deny from env=blockAccess

    # Disable execusion of PHP scripts
    php_admin_flag engine off

    # This line will redefine the mime type for the most common types of scripts
    AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi

#add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate
# reducing the load on the server significantly
#IF you can, you should enable this - it _will_ improve your twiki experience, even if you set it to under one day.
# you may need to enable expires_module in your main apache config
#LoadModule expires_module libexec/httpd/mod_expires.so
#AddModule mod_expires.c
#<ifmodule mod_expires.c>
#  <filesmatch "\.(jpg|gif|png|css|js)$">
#       ExpiresActive on
#       ExpiresDefault "access plus 11 days"
#   </filesmatch>
#</ifmodule>

</Directory>

How to resolve this error?

Ameya

-- TWiki Guest - 2018-10-26

Simply comment out the php_admin_flag directive in your twiki.conf file.

-- Peter Thoeny - 2018-10-26

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.