directory images ".htaccess"

Philo2005 · June 25, 2020

Phoenix 1.0.4.0

The directory "images" is protected by the attached ".htaccess" file.
Unfortunally the images are not shown in my webshop with the inital installation,
so i removed the ".htaccess" file in the directory "images" and voila they are shown on index.php and other pages.

But when i upload an image by admin/categories.php the rights of the picture-file are set to 0777, so everybody can manage these files.
Any Ideas how i can resolve this problem?

.htaccess

♥ecartz · June 25, 2020

Apache version?

The .htaccess doesn't help with file permissions. It keeps people who upload .php files to the server from being able to run them. It's to cover for the directory permissions being 777.

I'd create a test file, test.php with content

<?php

echo 'Hello world!';

Try to visit it in the browser. Then upload smaller versions of the .htaccess and see which makes it stop working and which makes the images stop working. If you can find a smaller version that lets the images work while stopping the PHP file, then use that version.

You can see an older version of that file at https://github.com/gburton/CE-Phoenix/blob/41601da342152b010247083c1a70101aa2468d84/images/.htaccess

Philo2005 · June 28, 2020

On 6/25/2020 at 11:13 PM, ecartz said:

Apache version?

Where do I find this?
It runs PHP Version 7.1.1 (Zend 3.1.0)

On 6/25/2020 at 11:13 PM, ecartz said:

echo 'Hello world!';

This works fine without the .htaccess, but eather (old or new) .htaccess it causes Internal Server Error!
With the .htaccess (old or new) no pictures are shown!

Edited June 28, 2020 by Philo2005

♥ecartz · June 28, 2020

admin > Tools > Server Info

The Apache version should be under the HTTP Server.

Philo2005 · June 29, 2020

The HTTP Server value only says "Apache"
see attached file

server_info-20200629083241.txt

♥ecartz · June 29, 2020

More ways to check the Apache version from PHP: https://stackoverflow.com/questions/2927954/how-to-get-the-apache-version

Yet more ways to check: https://stackoverflow.com/questions/166607/how-do-i-find-the-version-of-apache-running-without-access-to-the-command-line

If none of that works, ask your host. They also may be able to tell you if there are restrictions on .htaccess files that would cause trouble.

Jack_mcs · June 29, 2020

On 6/25/2020 at 2:43 PM, Philo2005 said:

Unfortunally the images are not shown in my webshop with the inital installation,

Try adding the .htaccess file back and then visit one of the images, like http....com/images/my_image.jpg. If you can't view the image but it gives you a block where the image should be, check its properties to see the path. Otherwise, get the path by looking at the properties in your ftp program by right clicking on the image. You want to make sure the path is the correct path.

Philo2005 · June 30, 2020

14 hours ago, ecartz said:

More ways to check the Apache version from PHP: https://stackoverflow.com/questions/2927954/how-to-get-the-apache-version

Yet more ways to check: https://stackoverflow.com/questions/166607/how-do-i-find-the-version-of-apache-running-without-access-to-the-command-line

If none of that works, ask your host. They also may be able to tell you if there are restrictions on .htaccess files that would cause trouble.

I talked to my host provider
the acutal version is

apache 2-2.2.29

♥ecartz · June 30, 2020

If you do not have the .htaccess file and try to open the images directory in your browser (just the directory, no file), what happens? If it says you are not authorized, you can delete the following line from the .htaccess file

Options -Indexes

It is conceivable that that would fix things.

I suspect that your host has set some configuration that conflicts with the .htaccess file. If your error logs don't give any more information, then they would be the ones who would have to do the next steps of debugging. You might ask them about AllowOverride and AllowOverrideList values in httpd.conf. E.g. in the documentation: https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride

Quote

In the example above, all directives that are neither in the group AuthConfig nor Indexes cause an internal server error.

The .htaccess file uses the Limit directives.

It is possible that they might have to incorporate the directives from the old version of the .htaccess file into the httpd.conf in a Directory section. The old version because they are using Apache 2.2. The new version should be compatible with both 2.4 and 2.2 but otherwise has no advantages over the old version.

I.e. the choices are either for them to configure your site

AllowOverride Limit

or to incorporate

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
   Order Deny,Allow
   Deny from all
</FilesMatch>

Options -Indexes

into the httpd.conf files.

Philo2005 · July 5, 2020

Thank you for responding @ecartz
It seems to be a limitation in .htaccess of my hostprovider.
This piece of code is not allowed -:(
I will have to talk soon to the provider...

Edited July 5, 2020 by Philo2005

Philo2005 · July 8, 2020

@ecartz Finally I could arrange with my hostprovider that the "old" .htaccess works without generation system error in my environment (Apache 2-2.2.29)!

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
   Order Deny,Allow
   Deny from all
</FilesMatch>

Options -Indexes

Thank you for your help!

directory images ".htaccess"

Recommended Posts

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in