Top Nav

Mixing Basic Auth And IP Access Controls

In some cases you might want to require HTTP Basic authentication to a site but allow specific IP addresses to skip the username/password. For Apache this can be configured with:

For nginx the configuration is:





Magento SUPEE-7405 Parse Error

Applying the new SUPEE-7405 patch to Magento (and probably other versions) results in a parse error in the sales order view page (admin/sales_order/view/order_id) if the site is running under PHP5.3. Here’s the error message:

The offending line is:

it can be changed to:

PHP 5.3 does not support the “[]” syntax for array initialization. Of course you should not be running PHP 5.3!


Plesk 12 / CentOS / PHP 5.3 Issue Causes “abrt” Crash From Yum

Recent on servers with Plesk 12 and the PHP 5.3 distribution from Odin, we’re seeing “abrt” crash reports from Yum with a back trace like:

Until Odin fixes their repository the only way to get updates to proceed normally is to disable the PHP 5.3 repository by editing:

And adding this line:

Since PHP 5.3 is EOL there aren’t any updates expected so disabling the repository should not cause problems.



Plesk 12.5 Protected Directories Break Nginx/PHP-FPM

On Plesk 12.5, when using PHP-FPM with Nginx there’s a problem with the way protected directories are implemented. Each protected directory creates a “location” block in the Nginx config that proxies to Apache. So protected directories are implemented in Apache only. Nginx just passes through to Apache.  This is not a great design choice in our opinion. Instead protected directories should be implemented directly in Nginx.

One of the side effects of the 12.5 implementation is that inside protected directories Apache handles PHP even if you have the domain configured to use Nginx with PHP-FPM. This is especially problematic if you have the entire site password protected. The “location /” block takes precedence over the “location *.php” block so the entire sites ends up using Apache instead going directly to PHP-FPM.

To get around this problem I do the following in Plesk:

  1. Create a protected directory for “/protected”.  Add users as needed.
  2. On the “Apache & nginx Settings” screen, add the following to the “Additional nginx directives” field:
  3. In your .htaccess file add:

The last step is important because we need both Apache and Nginx to enforce the protected directory.



W3TC CDN – Updating Plugin Or Theme

If you’re using W3 Total Cache with an origin push CDN like RackSpace Cloud Files, then you may encounter problems when updating plugins or themes. After the new files are synced to the CDN there is a propagation delay before all nodes receive the new files. During this time the site may be broken for some users. Here’s a procedure to deal with this situation:

1. Install and activate the new plugin or theme.

2. In W3TC, syncronize the Custom files to CDN. (Performance -> CDN -> Upload Custom Files)

3. Add plugin or theme folder to the CDN exclusion list:

Performance -> CDN -> Rejected Files

Add this line:




4. Save and clear the page cache.

Now the site will pull the plugin or theme from the server instead of the CDN. But the new files will be propagating through the CDN.

5. In 24 hours or whatever the TTL for your CDN container, after the files have had a chance to propagate, remove the plugin or theme folder from the Rejected Files list and clear the page cache.

Now the site will pull the plugin or theme from the CDN.