SilverStripe 3: Can no longer access CMS admin area, receiving 500 error

Question

When trying to access the CMS via /admin on a live SilverStripe site it's suddenly starting producing a 500 error page with the following message the rest of the site is fine:

The server encountered an internal error or misconfiguration and was unable to complete your request.

The most recent errors in the error log in the public_html folder shows:

[17-Nov-2018 03:06:11 UTC] PHP Warning: Director::protocolAndHost() lacks sufficient information - HTTP_HOST not set. in /home/mysite/public_html/framework/control/Director.php on line 488

The error log in cPanel shows:

[Wed Nov 21 15:27:24.578366 2018] [core:alert] [pid 10504:tid 47515481941760] [client 90.242.226.###:56737] /home/bwib/public_html/.htaccess: Invalid command 'SetEnv', perhaps misspelled or defined by a module not included in the server configuration

I've checked the .htaccess file and its somehow changed to this:

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor    (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php5_module>
    php_value date.timezone "UTC"
</IfModule>
# END cPanel-generated php ini directives, do not edit

If I replace it with the original .htaccess file the entire site breaks and I get a 500 error.

Original .htaccess here:

### SILVERSTRIPE START ###
# Deny access to templates (but allow from localhost)
<Files *.ss>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>

# Deny access to IIS configuration
<Files web.config>
Order deny,allow
Deny from all
</Files>

# Deny access to YAML configuration files which might include                                 sensitive information
<Files *.yml>
Order allow,deny
Deny from all
</Files>

# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_rewrite.c>

# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
<IfModule mod_dir.c>
    DirectoryIndex disabled
</IfModule>

SetEnv HTTP_MOD_REWRITE On
RewriteEngine On
RewriteBase '/'



# Deny access to potentially sensitive files and folders
RewriteRule ^vendor(/|$) - [F,L,NC]
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC]

# Process through SilverStripe if no file with the requested name exists.
# Pass through the original path as a query parameter, and retain the existing parameters.
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* framework/main.php?url=%1 [QSA]

SILVERSTRIPE END

The hosting company are unwilling to advise or help investigate and just keep telling me "the admin folder is empty" very unhelpful.

Some research has pointed me in the direction of these answers but I'm not sure how to apply these via cPanel or the .htaccess file:

Director::protocolAndHost() lacks sufficient information - HTTP_HOST not set

https://github.com/kanboard/kanboard/issues/2685

Screenshot of the server settings attached:

Any advice on how to trouble shoot this would be great!

Have you tried updating the htaccess the way they recommend: "To make changes to this file, use the cPanel MultiPHP INI Editor" since it also says: "Manual editing of this file may result in unexpected behavior."? — Magnus Eriksson
I don't know how to write the .htaccess contents to the php.ini format. Using any of the content from the .htaccess file in the editor just causes an error and it won't accept it. I've looked at the suggested documentation but it doesn't help with scope of knowledge: go.cpanel.net/EA4ModifyINI I've never had to do anything like this for any other server setup. — pinkp
that is not your .htaccess file, that is your php.ini file. In your htaccess there will be a line with SetEnv in it comment it out by placing a '#' in front of it. Report back after you have done this. — Orlando P.
So how do I use the php.ini file to fix the issues with the .htaccess file. Why does the it tell me to make changes to my .htaccess file via the INI editor... SetEnv is an .htaccess setting. :/ — pinkp
Why is your web host overriding your .htaccess file and telling you not to change it? That's bizarre and dangerous (for them to do) — scrowler

Shim-Sao Shim-Sao · Accepted Answer · 2018-12-01T16:37:44

Never use the CPanel of your provider if you use FTP and SSH or vice versa.

You can't change all Apache settings in php, it's not the same things.

Remove SetEnv because you certainly not have a dedicated server. So no SetEnv for everybody because it's dangerous.

In .htaccess, it's preferable to check if mod_rewrite is enable :

<IfModule mod_rewrite.c>
    # Enable URL rewriting
    RewriteEngine On

    # All the rewrite conditions and redirections below

</IfModule>

SilverStripe 3: Can no longer access CMS admin area, receiving 500 error

SILVERSTRIPE END

1 Answers