Failed to load HTML file


#1

after the update to 2.3.0 I get these errors:

Failed to load HTML file: Please check your server configuration. You may want to whitelist “*.html” files from the “plugins” directory. The HTTP status code is 404 for URL “plugins/ZenMode/angularjs/quick-access/quick-access.html”

Failed to load HTML file: Please check your server configuration. You may want to whitelist “*.html” files from the “plugins” directory. The HTTP status code is 404 for URL “plugins/CoreHome/angularjs/enrichedheadline/enrichedheadline.html”

Failed to load HTML file: Please check your server configuration. You may want to whitelist “*.html” files from the “plugins” directory. The HTTP status code is 404 for URL “plugins/Feedback/angularjs/ratefeature/ratefeature.html”

The changing of the directories permissions doesn’t fix the problem.

My server error log doesn’t contain any error messages.

htaccess file:

First, deny access to all files in this directory

<Files “*”>

<IfVersion < 2.4>
Order Deny,Allow
Deny from All

= 2.4>
Require all denied


<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from All


Require all denied


Allow to serve static files which are safe

<Files ~ “.(test.php|gif|ico|jpg|png|svg|js|css|htm|html|swf|mp3|mp4|wav|ogg|avi)$”>

<IfVersion < 2.4>
Order Allow,Deny
Allow from All

= 2.4>
Require all granted


<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from All


Require all granted



(Matthieu Aubry) #2

Piwik says:

The HTTP status code is 404 for URL “plugins/CoreHome/angularjs/enrichedheadline/enrichedheadline.html”

So, could you try to load this file in your browser and see what you get?
Maybe there is also an error in your server error log?


#3

After the update I get…

Failed to load HTML file: Please check your server configuration. You may want to whitelist “*.html” files from the “plugins” directory. The HTTP status code is 403 for URL “plugins/ZenMode/angularjs/quick-access/quick-access.html”

Everything seems to be working fine though.
The permission for the file is 664 which seems the obvious correct setting set by the install along with the other file permissions in the directory.
I can use cPanel to see the file fine but cannot load it in a browser and recieve the 403.


#4

Hi Matt,

if I load the file “plugins/CoreHome/angularjs/enrichedheadline/enrichedheadline.html” in my browser I get: “Page not found”.

The same with: plugins/Feedback/angularjs/ratefeature/ratefeature.html or
plugins/ZenMode/angularjs/quick-access/quick-access.html

I checked my server error log again. In the file there is really no error.


#5

I see the same message after updating to 2.3.0?
[attachment 1768 error403.png]
The file is there.
If I try to access the file directly, I see this message:
[attachment 1769 error403-2.png]

It doesn’t relate to the .htaccess, but the permissions on the zenmode folder and the folders below, are wrong, they are set to 750, and they should be 755.
So the problem is solved here.


#6

Failed to load HTML file: Please check your server configuration. You may want to whitelist “*.html” files from the “plugins” directory. The HTTP status code is 403 for URL “plugins/ZenMode/angularjs/quick-access/quick-access.html”

Same as above, everything ive checked seems ok


#7

Did you check folder permissions?


#8

I had missed a folder, it is fixed now thanks :slight_smile:


#9

Attention !!!

Il y a un bug dans le fichier piwik\plugins\Installation\ServerFilesGenerator.php

Ce fichier sert entre autre a créer un fichier web.config sur les IIS windows. A la ligne 114 et 115 il faut autoriser les extentions htm et html

Sinon les fichiers template en HTML ne sont pas reconnues …

Voila.


#10

I posted this on another thread about the same issue, and I see from the OP’s post that this might help:

"Might want to check the plugins .htaccess file. In mine, I saw this about halfway down:

Allow to serve static files which are safe

<Files ~ “.(test.php|gif|ico|jpg|png|svg|js|css|htm|html|swf|mp3|mp4|wav|ogg|avi)$”>

I changed it to:

Allow to serve static files which are safe

<Files ~ “.(test\php|gif|ico|jpg|png|svg|js|css|htm|html|swf|mp3|mp4|wav|ogg|avi)$”>

(Note the php entry)

Thus solved the 403 error for me without changing permissions."


#11

@micrologiciel

non funziona! It doesn’t fix the error.

@ Ebola_Gray

# Allow to serve static files which are safe

It doesn’t fix the error too.


(Matthieu Aubry) #12

@XYZ What error do you see in your server error log?


#13

My Solution (probably for everybody):

Since my website ist running for over 16 years, I had all in the root directory. I have placed piwik in /piwik and used to call it using a subdomain.

/ <- document root for the website
/piwik <- folder for piwik

foo.bar / www.foo.bar <- used to call website
piwik.foo.bar <- used to call piwik

Changes:

I have moved everything related to the website into another folder:

/foobar <- document root for the website
/piwik <- folder for piwik

Now there is no error message any more.

The webserver is running apache 2.2.27.

Analysis

I assume something in the .htaccess in the root directory of my website lead to that error. I used to have .html-files in the beginning (the first 6 years). To avoid broken links, I have used the .htaccess to rewrite them to call .php-files:


RewriteRule ^(.*).html index.php?page=$1 [L]

This could have been the root of all evil?

Regards, Martin

PS: Discussed the issue in a german forum with somebody, that did not have any problems at all after upgrading.

-> Piwik 2.2.0 - seit Update kein Website Wechsel möglich (simply copy and paste to your browser)


(Matthieu Aubry) #14

This could have been the root of all evil?

Yes this could have been the problem! Nice find.

FOR OTHER USERS: If you still experience this issue, please try with the latest 2.4.0 beta which is available as per instructions here: I would like to test early beta and RC releases, how do I enable automatic updates to use these development versions? - Analytics Platform - Matomo

After upgrading to 2.4.0 if you still have the issue please let me know here! We are really hoping to fix this problem for all of you!


#15

Hi Matt

“After upgrading to 2.4.0 if you still have the issue please let me know here! We are really hoping to fix this problem for all of you!”

We have upgraded and still have the issue. Nothing has changed.

I’m not sure on how to change permissions etc so hope a fix comes out soon :slight_smile:

Keep up the great work!

Gman


(Matthieu Aubry) #16

@Gman what error do you find in your error log? what web server do you use?


#17

Hi Matt

We get the same error message as the others:
[ Failed to load HTML file: Please check your server configuration. You may want to whitelist “*.html” files from the “plugins” directory. The HTTP status code is 403 for URL “plugins/ZenMode/angularjs/quick-access/quick-access.html” ]

As well as this error since we upgraded to 2.3 and 2.4 our logo and Favicon does not appear under General Settings and when re-uploaded still do not appear. ?? If displays an empty small tiny image of a ripped bit of paper (see attached image) ? We have tried various types and sizes of images but they just don’t upload. The Feedback Plugin is disabled. The logos also do not appear on the login screen anymore or in upper left corner for menu bar?

The following info is what I can gleem - hope this assists:)

Cheers for asssist.
Gman,


Apache version 2.4.9
PHP version 5.4.29
MySQL version 5.5.36-cll
Architecture x86_64
Operating system linux
Path to sendmail /usr/sbin/sendmail
Path to Perl /usr/bin/perl
Perl version 5.8.8
Kernel version 2.6.32-531.11.2.lve1.2.55.el6.x86_64
cPanel Pro 1.0 (RC1)

Security Testing of Piwik reports:

Application
Test Result
PHP You are running PHP 5.4.29. The latest version of PHP is 5.5.13.
Piwik You are running Piwik 2.4.0-b3 (the latest version).

CGI
Test Result
force_redirect force_redirect is enabled, which is the recommended setting

Core
Test Result
allow_url_fopen You are running PHP 5.2 or greater, which makes allow_url_fopen significantly safer. Make sure allow_url_include is disabled, though
allow_url_include allow_url_include is disabled, which is the recommended setting
display_errors display_errors is disabled, which is the recommended setting
expose_php expose_php is enabled. This adds the PHP “signature” to the web server header, including the PHP version number. This could attract attackers looking for vulnerable versions of PHP
file_uploads file_uploads are enabled. If you do not require file upload capability, consider disabling them.
group_id PHP is executing as what is probably a non-privileged group
magic_quotes_gpc magic_quotes_gpc is disabled, which is the recommended setting
open_basedir open_basedir is enabled, which is the recommended setting. Keep in mind that other web applications not written in PHP will not be restricted by this setting.
register_globals register_globals is disabled, which is the recommended setting
upload_tmp_dir upload_tmp_dir is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access temporary copies of files uploaded via your PHP scripts. You should set upload_tmp_dir to a non-world-readable directory
user_id PHP is executing as what is probably a non-privileged user

Curl
Test Result
file_support You are running PHP 4.4.4 or higher, or PHP 5.1.6 or higher. These versions fix the security hole present in the cURL functions that allow it to bypass safe_mode and open_basedir restrictions.

Session
Test Result
save_path save_path is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access session files. You should set save_path to a non-world-readable directory
use_trans_sid use_trans_sid is disabled, which is the recommended setting


#18

I have the same issue. Upgrading to 2.4.0b did not help.


#19

On my system, it was two things.

One was a popular third party nginx include config that secured things down. The offending line was:


# Disallow access to several helper files.
location ~* \.(?:bat|html?|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
        return 404;
}

I change it to:


# Disallow access to several helper files.
location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
        return 404;
}

That fixed the 404 errors. Note that I just remove the html?| part.

The second item was I needed to chmod +xr on plugins/ZenMode and directories below that. No changes on the file themselves.


#20

I continue to update - currently at 2.4.0-b6 - after the update we initially had access to PiWik, however continued to get the same error message:
[ Failed to load HTML file: Please check your server configuration. You may want to whitelist “*.html” files from the “plugins” directory. The HTTP status code is 403 for URL “plugins/ZenMode/angularjs/quick-access/quick-access.html” ]

This is on two different sites on two different servers!!

After the update to 2.4.0-b6 we initially had access to Piwik however after clicking on “Settings” to check if our image issue was corrrect- our system hung for ages, couldn’t access it but finally after approx 5 mins accress returned? Not sure what was going on there!

:frowning:
Much frustration.
Gman