xoops forums


Quite a regular
Posted on: 2016/12/24 9:28
goffy (Show more)
Quite a regular
Posts: 315
Since: 2010/12/27

htaccess and uploads dir

hi all

I have problems with access to my uploaded pics in directory ../uploads/images/

in uploads and images directory there is a htaccess file with folloowing content
# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .php5 .php4 .php3 .phps
-ExecCGI -Indexes

these htaccess files are created with default installation of xoops.

How can I solve this?
- delete the htaccess files? (Quick solution, but secure?)
- Do I need addtional settings on my server?


Quite a regular
Posted on: 2016/12/27 0:12
geekwright (Show more)
Quite a regular
Posts: 231
Since: 2010/10/15

Re: htaccess and uploads dir

That .htaccess file is for defense in depth. It is supposed to make sure that even if a script file, like a .php file, is uploaded to the directory, it will not be allowed to run.

There are a lot of different ways a sever can be configured, and some of those will throw an error if a .htaccess file is found, especially in a subdirectory.

There are supposed to be other checks along the way that prevent uploading script files, so if it is causing problems, the .htaccess file can be deleted. As an added protection, make sure the directory permissions are as restrictive as possible, i.e. 0755, or 0775.