Forum

Hi Hugo,

I believe that the protective functions of Hiawatha hinder an installation of the component for Joomla.
You know it certainly like this installation with Joomla runs off. A zip file must be uploaded in a /tmp by Joomla and from this folder installed.
I have looked, the uploaded zip file is in the /tmp folder, but the Joomla can do with it nothing, does not have enough rights.
Whole joomla Running as www-data and has right chmod folder 755 and files 644
With it you an overview has I show my configuration files of Hiawatha.

# Hiawatha main configuration file
#


# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log


# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
	Port = 80
#	Interface = 127.0.0.1
MaxRequestSize = 2560
MaxUploadSize = 50
MaxKeepAlive = 1000 
#	TimeForRequest = 3,20
}
#
#Binding {
#	Port = 443
#	Interface = ::1
#	MaxKeepAlive = 30
#	TimeForRequest = 3,20
#	SSLcertFile = hiawatha.pem
#}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#BanOnSQLi = 70
#BanOnFlooding = 10/1:35
#KickOnBan = yes
#RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
#
FastCGIserver {
    FastCGIid = PHP5
    ConnectTo = 127.0.0.1:2005
    Extension = php
    SessionTimeout = 150
}
                                   
UrlToolkit {
    ToolkitID = joomla
    Match mosConfig_[a-zA-Z_]{1,21}(=|\%3D) DenyAccess
    Match base64_encode.*\(.*\) DenyAccess
    #Match (<|%3C).*script.*(>|%3E) DenyAccess
    Match GLOBALS(=|\[|\%[0-9A-Z]{0,2}) DenyAccess
    Match _REQUEST(=|\[|\%[0-9A-Z]{0,2}) DenyAccess
    RequestURI exists Return
    Match .* Rewrite /index.php
}

# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 65.64.78.32
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
    Alias = /mysql:/usr/share/phpmyadmin
    AccessList = allow 82.53.0.0/16, deny all
    UseFastCGI = PHP5
#ErrorHandler = 404:/error.cgi

# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
VirtualHost {
	Hostname = mysite1.de, www.mysite1.de
	WebsiteRoot = /var/www/mysite1.de
	StartFile = index.php
  AlterGroup = www-data 
  AccessLogfile = /var/www/mysite1.de/logs/access.log
	ErrorLogfile = /var/www/mysite1.de/logs/error.log 
#  ExecuteCGI = yes
  FollowSymlinks = yes 
  EnablePathInfo = yes 
  #TriggerOnCGIstatus = no
  TimeForCGI = 60
	UseFastCGI = PHP5
	#UseToolkit = joomla
  EnablePathInfo = yes
  UseGZfile = yes
  PreventCSRF = yes
  PreventSQLi = yes
  PreventXSS = yes 
} 

VirtualHost {
	Hostname = mysite2.de, www.mysite2.de
	WebsiteRoot = /var/www/mysite2.de
	StartFile = index.php 
  AlterGroup = www-data
	AccessLogfile = /var/www/mysite2.de/logs/access.log
	ErrorLogfile = /var/www/mysite2.de/logs/error.log
  ExecuteCGI = yes
  FollowSymlinks = yes 
  EnablePathInfo = yes 
  TriggerOnCGIstatus = no
	TimeForCGI = 60
	UseFastCGI = PHP5
	UseToolkit = joomla
  EnablePathInfo = yes
  UseGZfile = yes
  PreventCSRF = yes
  PreventSQLi = yes
  PreventXSS = yes 
}

VirtualHost {
	Hostname = mysite3.de, www.mysite3.de
	WebsiteRoot = /var/www/mysite3.de
	StartFile = index.php
  AlterGroup = www-data
	AccessLogfile = /var/www/mysite3.de/logs/access.log
	ErrorLogfile = /var/www/mysite3.de/logs/error.log
  ExecuteCGI = yes
  FollowSymlinks = yes 
  EnablePathInfo = yes 
  TriggerOnCGIstatus = no
	TimeForCGI = 60
	UseFastCGI = PHP5
	UseToolkit = joomla
  EnablePathInfo = yes
  UseGZfile = yes
  PreventCSRF = yes
  PreventSQLi = yes 
  PreventXSS = yes
}

# DIRECTORY SETTINGS
# You can specify some settings per directory.
#
Directory {
	Path = /var/www/mysite1.de/administrator
  AccessList = allow 82.53.0.0/16, deny all  
	ExecuteCGI = yes      
}
Directory {
 	Path = /var/www/mysite2.de/administrator
  AccessList = allow 82.53.0.0/16, deny all  
	ExecuteCGI = yes      
}
Directory {
	Path = /var/www/mysite3.de/administrator
  AccessList = allow 82.53.0.0/16, deny all  
	ExecuteCGI = yes      
}

# PHP FastCGI configuration

# Path to PID-file.
# PidFile = <filename>
#
PidFile = /var/run/php-fcgi.pid

# Number of forks per server.
# Forks = <number>
#
Forks = 3

# Number of maximum requests per fork before respawning.
# MaxRequests = <number>
#
MaxRequests = 100

# Set environment variables for the FastCGI processes.
# Setenv <key> = <value>
#

# PHP FastCGI servers to start.
# Server = <php-cgi executable>;<binding>;<UID>[:<GIDs>][;<PHP configuration file>]
#
#Server = /usr/bin/php5-cgi ; 127.0.0.1:2005 ; www-data
#Server = /usr/bin/php5-cgi ; 127.0.0.1:2005 ; 1000:100,101
Server = /usr/bin/php5-cgi ; 127.0.0.1:2005 ; www-data ; /etc/php5/cgi/php.ini
#Server = /usr/chroot|usr/bin/php5-cgi ; 127.0.0.1:2005 ; www-data

With cgi-wrapper.conf everything is commented out.

Greeting, Alex.

Hiawatha version: 6.19
Operating System: Debian Lenny

Try without the PreventSQLi option. You should only use the PreventXXX options if you fully understand how those options work.

Thanks Hugo it was this, if you only knew how much time I lost with solution searching
This lies with my bad knowledge of English, I do not understand the HOWTO's so well
If it does not matter to you, you could give me a council which options should be switched off for Joomla and which not.
Over again many thanks if there are problems again I come again

Greeting, Alex.