Try with AllowOverride All
the posted config works in my docker and xampp so I don’t know what to tell you concerning your server setup. You should have a vhost config setup with these configs for your site.
Did you check for
Jerry didn’t you just tell me it is a security breach? that is why i changed it back to None as you advised in previous post, am i missing something?
Beats me! Maybe there are other settings preventing htaccess directives or something else is not configured.
Just try the All setting.
I changed it to All, with the potential risk,
I have to close the browser and open it again for the changes made in the portal to be accepted without error, but it does accept it and commits the way it should, but in real life scenario this is not an option, why is that behavior?
Also, from the portal when the patient revises and commits it gives a red alert and error, but it goes through to my emr ?
an alert type bug. still okay otherwise, portal works fine and never heard of the behaviour you describe.
it is unreal, I have to close browser ( safari, Firefox, explorer alike) reopen it log in then it acts fine, cannot do that in real live scenario , I am not sure what to do here?
SOLVED….!!!
It is working fine, my mistake was using the same browser to have two sessions simultaneously for the openemr and the portal to test, which I should not do, so when opening the portal with Firefox and the openemr in safari things were perfect.
Thank you for the help.
Admin can flag this thread solved.
[quote=“juggernautsei, post:2, topic:19773”]
<Directory "/var/www/html/openemr">
Options -Indexes
AllowOverride All
Require all granted
</Directory>
Does that pose a risk? isn’t it supposed to be AllowOverride None?
If so what is the work around to get the portal to work without risks?
I stand corrected. Please read below.
I want to clear up a misconception on this.
First the AllowOverride is directory based and tells the server to look for a htaccess file and gives permission for the directives in the htaccess to execute.
So any subdirectories under directory where the Allowoverride is set that has a htaccess file will be executed. So from a security POV a bad actor could write a htaccess file to say interface directory then execute a get or post to enact their wishes.
This is why I suggest that the servers document directory should have AllowOverride None to allow only the domain for openemr to work.
Moreover to be secure the only the directories that we know and want a htaccess file should be singled out in server config such as:
<Directory "/var/www/html/">
Options -Indexes
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html/openemr">
Options -Indexes
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html/openemr/portal">
Options -Indexes
AllowOverride All
Require all granted
</Directory>
and so forth.
Not only is this more secure but also relieves file seeks required by the server.
Now I get the average user is not going to know what directories to serve however in the end it is the users responsibility to secure their sites.
Furthermore to be even safer we(as project admins) should get rid of the htaccess and recommend placing the rewrite directive in the sever config in the same way we handle our document directories.
As a disclaimer I by no means am an expert or even like doing the I.T stuff but felt I couldn’t let the blanket statement that there are no risks by allowing AllowOverride All willy dilly!
Of course if anyone disagrees by all means let us know where I’ve gone wrong.
1 Like
I am getting now 404 error when trying to manage modules ( portal is working so is portal dashboard)
My examples are not complete but was to describe a way to setup server. You need to learn about servers and setting them up or get a knowledgeable vendor to help you.
There are many ways to do this and I was showing how to better setup a server when looking at directory control using htaccess.
I am learning as I go
I was able so far to set up openemr on ubuntu using Andrew Dyer’s fullbackup4.sh started by Bardy’s fullback3.sh to burn daily backup and bckup files on DVD and was able to establish my certificates from EMR to HTTPS the site on 445 only open port on my VBox thanks to this forum, but if I can get help with this module error I greatly appreciate it.
The only way to get the module to work was unfortunately:
<Directory “/var/www/html/openemr”>
Options -Indexes
AllowOverride All
Require all granted
in my server .conf
If any other solution please let me know……
Of all options this is the original way I set up for portal and worked well as I recall.
Too me is the better way however note to lock down the document directory.
For some reason when I went looking for this config I couldn’t find it or maybe it’s not in windows install doc.
Thanks Stephen.
I still think we ought to get rid of the .htaccess files and setup in server config but I don’t have the energy to do that.
1 Like
I installed openemr on ubuntu, under /var/www
there is only html
my installation path was
/var/www/html/openemr
the path to /var/www/localhost/htdocs/openemr is not available to me, where is the folder htdocs on ubuntu installation?
Patient portal is working and sending email after configuring it with my SES on amazon however I put in the portal link to patient from portal in global:
https://{my domain}/openemr/portal
The email is giving the name, password sign in credentials to the portal however instead of the above address as a link it does give this:
3rd Party API Access
API Access Address: https://{my domain}/openemr/apis/default/fhir
Technical Requirements Documentation: https://{my domain}/openemr/FHIR_README.md#3rd-party-smart-apps
You can use the above API Address with any app of your choice to access your patient data as long as it meets the technical requirements for our service.Thank you for allowing us to serve you.
And when I click on the link it gives me a page with technical integration that has nothing to do with patient’s link to portal….
What do I need to do to correct this?
