xoops forums

goffy

Quite a regular
Posted on: 12/24 4:28
goffy
goffy (Show more)
Quite a regular
Posts: 288
Since: 2010/12/27
#1

htaccess and uploads dir

hi all

I have problems with access to my uploaded pics in directory ../uploads/images/

in uploads and images directory there is a htaccess file with folloowing content
# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .php5 .php4 .php3 .phps
Options 
-ExecCGI -Indexes

these htaccess files are created with default installation of xoops.

How can I solve this?
- delete the htaccess files? (Quick solution, but secure?)
- Do I need addtional settings on my server?

geekwright

Quite a regular
Posted on: 12/26 19:12
geekwright
geekwright (Show more)
Quite a regular
Posts: 207
Since: 2010/10/15
#2

Re: htaccess and uploads dir

That .htaccess file is for defense in depth. It is supposed to make sure that even if a script file, like a .php file, is uploaded to the directory, it will not be allowed to run.

There are a lot of different ways a sever can be configured, and some of those will throw an error if a .htaccess file is found, especially in a subdirectory.

There are supposed to be other checks along the way that prevent uploading script files, so if it is causing problems, the .htaccess file can be deleted. As an added protection, make sure the directory permissions are as restrictive as possible, i.e. 0755, or 0775.