I've just activated the TreemapVisualization plugin and got a different .htaccess, which works.

<Files ~ ".(php|php4|php5|inc|tpl|in|twig)$">
<IfModule mod_access.c>
Deny from all
</IfModule>
<IfModule !mod_access_compat>
<IfModule mod_authz_host.c>
Deny from all
</IfModule>
</IfModule>
<IfModule mod_access_compat>
Deny from all
</IfModule>
</Files>
<Files ~ ".(test.php|gif|ico|jpg|png|svg|js|css|swf)$">
<IfModule mod_access.c>
Allow from all
</IfModule>
<IfModule !mod_access_compat>
<IfModule mod_authz_host.c>
Allow from all
</IfModule>
</IfModule>
<IfModule mod_access_compat>
Allow from all
</IfModule>
Satisfy any
</Files>

Thanks for the report!

I don't think we can easily fix this one, hopefully users experimenting the bug will find this ticket and know to delete the .htaccess causing problems.

We have to do better here. I just installed the Security check plugin and when I did it installed the .htaccess file in the plugins directory that is in the OP.

That broke all the images across the entire thing and I spent an hour trying to figure out:

1. Did the recent update to 2.2.0 break this?
2. Did another developer tweak the apache settings to break this?
3. Are the files messed up somehow?

Installing a plugin shouldn't break the entire rest of the site by installing a hidden file into a fairly random directory.

This is pretty bad.

STR:

• cd $PIWIK_INSTALL_DIR/plugins
• cat .htaccess
• Install the number one plugin in the marketplace, SecurityInfo and then enable it.
• cat .htaccess

The other day I stumbled upon this commit in phpbb: https://github.com/phpbb/phpbb/pull/2386/files#diff-f72a38c4bec79cc6ded3f8e435d6bd55L11

Maybe we could check out this one, and possibly how other popular open source projects have sorted their .htaccess so it works across all server configurations.

See related/possibly same issue #4941

Replying to mlissner:

We have to do better here. I just installed the Security check plugin and when I did it installed the .htaccess file in the plugins directory that is in the OP.

Are you sure it's the htaccess in OP, or maybe it created the htacess in: #4499 rather than ticket description?

Replying to matt:

Are you sure it's the htaccess in OP, or maybe it created the htacess in: #4499 rather than ticket description?

Yeah, I'm sure. Just checked the server and it still has an .htaccess.bak file with the contents from the OP.

In 6e83e22: Refs #4499 #4941 Adding <IfModule !mod_authz_host.c> around the Satisfy any which may fix the issue.

To test run the following command in the piwik directory:

rm js/.htaccess plugins/.htaccess core/.htaccess libs/.htaccess vendor/.htaccess misc/user/.htaccess

(this deletes all current htaccess files)

Then visit the System check page
(this re-creates the .htaccess files)

Then browse Piwik -> is it working fine?

If not, check your error log and please paste error as a comment in the ticket.

This seems to be related, in Piwik 2.2.3-b6, image files are not displayed (icons, etc) getting 500 errors instead.

Issue caused by .htaccess in plugins directory, section starting with

<Files ~ "\.(test\.php|gif|ico|jpg|png|svg|js|css|htm|html|swf)$">

Once that section is commented icons display correctly.

However, possibly a different issue, still get 500 error (see chrome console) with this file

/libs/jquery/themes/base/images/ui-bg_flat_75_ffffff_40x100.png 500 (Internal Server Error)

Issue caused by .htaccess in plugins directory, section starting with

<Files ~ "\.(test\.php|gif|ico|jpg|png|svg|js|css|htm|html|swf)$">

Once that section is commented icons display correctly.

Because it works on my dev, the demo, and many other servers so I'm trying to understand why not on yours and some others:

When this <Files> element is in your htaccess files, and you access piwik, does it log some errors in your server error log?

what is the error message?

maybe you do understand why this <Files> somehow creates error on your server?

we need more help from you guys to fix the issue properly, cheers :)

In 7183d21: Refs #4499 This should fix the issue with htaccess files being incorrect.
Todo: create Update file to re-create all htaccess files.

In 2e0b98d: Fixes #4499 Adding upgrade file to re-create all htaccess files with the correct values.

Sorry, I did not have mail notification on, just noticed your post.

Unfortunately I don't have access to the full server log, I do have a php error log and there were no errors there.

I don't know what that section of the htaccess causes problems - I didn't do much debugging, the problem could be anywhere in the 2nd half of the htaccess file after <Files> although the commands used are not used in any other application that I used.

I noticed a comment in the new code you posted related to new instruction in Apache 2.4. My server is on Apache 2.2.25 and I normally use Deny / Allow instructions in htaccess.

@samiam can you please try the latest beta version? this issue should be fixed after you upgrade, but we would like to know for sure that it is fixed for you. If not, we will try some more thing. See: http://piwik.org/faq/how-to-update/faq_159/

Hmm, I thought it was but the page is not loading properly and I am getting errors in the browser dev panel

GET http://www.mydomain.com/plugins/Morpheus/images/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday net::ERR_TOO_MANY_REDIRECTS index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday:1
GET http://www.mydomain.com/plugins/Zeitgeist/images/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday net::ERR_TOO_MANY_REDIRECTS index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday:1

Also getting php errors

[21-May-2014 11:58:28 UTC] PHP Fatal error:  Call to undefined method Piwik\SettingsPiwik::rewriteMiscUserPathWithInstanceId() in /home/user/public_html/analytics/plugins/CoreAdminHome/CustomLogo.php on line 150
[21-May-2014 11:58:28 UTC] PHP Fatal error:  Call to undefined method Piwik\SettingsPiwik::rewriteTmpPathWithInstanceId() in /home/user/public_html/analytics/core/Twig.php on line 63

I looked at this as bit more. As far as I can see the update to the latest beta nuked a .htaccess that I had in the Piwik root folder. After replacing this it seems to work fine.

In 01d9dd0: When deleting htaccess files, make sure we only delete those that we may have created.
Thank you @samiam for the report of bug, that's really helpful. We will not over-delete (often important) htaccess of more Piwik users!
refs #4499
Will be available in 2.3.0-rc2