1
fdeconiac
.htaccess in uploads/ folder
  • 2011/3/23 23:22

  • fdeconiac

  • Quite a regular

  • Posts: 278

  • Since: 2008/11/29


Hi all,

Just to inform you that the .htaccess in "uploads/" folder make my files unaccessible... For example, the pictures of my slideshow (module slideshow) doesn't appear...

I had to remove the .htaccess !

Please have a look on it for next XOOPS releases (i think it happens since XOOPS 2.5.0)

Regards

Version de XOOPS XOOPS 2.5.1 RC
Version de PHP 5.2.17
Version de MySql 5.1.37-1ubuntu5.5-log

2
Mamba
Re: .htaccess in uploads/ folder
  • 2011/3/23 23:36

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


We have added it for security reasons, so people cannot place a malicious file with a different file extension, and then execute it.

If nobody is uploading files there except you, feel free to remove it.
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

3
fdeconiac
Re: .htaccess in uploads/ folder
  • 2011/3/23 23:39

  • fdeconiac

  • Quite a regular

  • Posts: 278

  • Since: 2008/11/29


well, some people can uploads files in subfolders like news/ or extgallery/ ...

But i think it is not well done... why does it block my site to read files (pictures) uploaded on uploads folder?

4
tstempko
Re: .htaccess in uploads/ folder
  • 2011/9/1 21:39

  • tstempko

  • Just popping in

  • Posts: 8

  • Since: 2006/3/1 6


It will be more secure if you just remove -Indexes from .htaccess file in upload dir
Probably this option causes the problem. So updated file should look like this:
# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .php5 .php4 .php3 .phps
Options -ExecCGI


PS.

The best solution is to change Apache configuration. You have to add Options to the AllowOveride apache directory directive configuration.

Here is an example configuration which I found in the net:

Resized Image

5
Roby73
Re: .htaccess in uploads/ folder
  • 2011/9/2 13:22

  • Roby73

  • Friend of XOOPS

  • Posts: 262

  • Since: 2011/6/15


The best solution is to change Apache configurationYou have to add Options  to the AllowOveride apache directory directive configuration.


This is a good solution, but if the hosting provider do not permit this, and remove .htaccess is dangerous... What is the solution?

6
novlang1984
Re: .htaccess in uploads/ folder

Delete red parts (all related to CGI) and let us know
Quote:

# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .php5 .php4 .php3 .phps
Options -ExecCGI -Indexes

7
Roby73
Re: .htaccess in uploads/ folder
  • 2011/9/3 0:29

  • Roby73

  • Friend of XOOPS

  • Posts: 262

  • Since: 2011/6/15


With my provider don't work
Can't read the files in directory.


Login

Who's Online

433 user(s) are online (327 user(s) are browsing Support Forums)


Members: 0


Guests: 433


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits