htaccess deny all files in all subdirs of a directory - .htaccess

I am working on a webpage that uses CKEditor for editing pages' text content and I have found out that although the listing of the DIRs is denied people can still open specific files directly (publicly) if they know exactly where those files reside thus they could change the content to whatever they want (a.k.a. hackers paradise)!
I am looking for an htaccess solution file placed in the root of my webpage (alongside the index.php) and using mod_rewrite (as I already have some rules in place with this specific syntax) in a style of:
RewriteCond
RewriteRule
Specifically, I just need to deny public access to all the files in all the directories and subdirectories in ./js/ckeditor (basically everything in and behind ckeditor directory)
I did search for the solution on the internet but all I could find was how to deny access to subdirectories, not all files in all the subdirectories of one directory.

Related

Redirect domain to subfolder, from subfolder

My friend's dad asked me to change the design of his website, so he gave me access to his account and I created a sub-folder where I uploaded the new design. The problem is that he has forgotten the password to his control panel and I only have access to the FTP in the sub-folder. I'm trying to redirect the domain (currently going to the root folder) to the sub-folder but since I don't have access to the root folder I'm finding it difficult to do so.
I've already tried a redirect with .htaccess but since I can only upload the file to my sub-folder, it thinks the redirect is to a sub-folder within that folder, instead of the folder inside the root.
TL;DR...
I want to redirect 'mydomain.com' to 'mydomain.com/folder' but only have access to the FTP in 'mydomain.com/folder'.
Thanks in advance!
.htaccess applies to the directory that contains it.
You cannot change this if you have not access to vhost.conf files (what would change the base dir of the site) or to the parent directory’s .htaccess.
You will need to:
Reset your dad’s friend’s password and forget this redirect, changing the existing web files (the cleanest way), or
change the .htaccess file in your parent's dad directory, adding this:
RewriteEngine on
RewriteRule ^/?(.*)$ dir2/$1 [R=301,L,P]
This should redirect the user to dir2, hiding that redirect in the urlbar.
h/t #Alejandro Teixeira Muñoz for the edits!

which are the valid .htaccess directories

Is there any need for .htaccess files in directories higher than that where index.html is placed?
I found such a file one level higher after a FileZilla accident (my fault; not Filezilla's) and suspect it should be deleted.
The .htaccess file has an effect on the directory it's in and all the descendent directories. You would need another .htaccess in a sub-folder if it was altering rules or adding new ones to what was inherited from its parent directory.
To expand on this based on more info from below: If the .htaccess files are in directories above your hosting dir, they will have an effect. However you should not amend or delete files on shared servers that you don't have direct authorization to. Check with your host or sysadmin - maybe those files need to be there, or perhaps they can be tidied up. In any case you can override .htaccess rules with a .htaccess file in the subdirectory.

Could not access php file on core modules's external folder in social engine4

I have installed the plugin 'Advanced Search Plugin Like Facebook Search' of younet and I noticed the error that application/modules/Core/externals/scripts/ynadvsearch.php is not found.
Then I checked the location and the file was there. So I uploaded a test.php file and typed the url in address bar then also I could not access the test.php page. But I am able to access all the js pages on that folder.
I have deleted the htaccess file of external folder. But the issue remains the same.
How can we fix this?
It's a little weird, usually /externals/scripts folder is used only for javascript-files (and all php-files - inside of /controllers folder).
File .htaccess inside of /externals folder contains a rule
<FilesMatch "\.avi|flv|mov|wmv|wma|mp3|mp4|m4a|mkv|swf|pdf|doc|ppt|ico|jpg|jpeg|png|gif|js|css)$">`
It means that *.php files are not allowed for access inside of this folder.

Make php.ini file recursive on 1and1 hosting

I have my website hosted on 1and1 servers and I want to adjust some settings in a php.ini file. I can create the file and it is being interpreted correctly but only for the immediate directory not for any subdirectories. I would like to not have to copy the php.ini file into every single subdirectory. The only way I have seen to do this from googling is to add the following to the .htaccess file
suPHP_ConfigPath /path/to/htdocs/php.ini
I have an .htaccess file and the different directives I have in there are being interpreted correctly but when I add that line it causes a 500 Internal Server error.
Can anyone suggest what I can do so that the php.ini settings are used in all the subdirectories without having to duplicate the php.ini file into all the subdirectories?
You could create soft links in each folder to your main php.ini. 1and1 disallows many directives in their .htaccess files. 1and1's support site has more information.
The suPHP is evaluated in a .htaccess PerDir context. If you want to have different ini files for different directories then you need to use a separate .htaccess in each relevant directory. By default Apache will use the lowest .htaccess on the request URI's path that it can find. Alternatively if you have a systematic naming convention for the filenames, then you ban place the different suPHP directives in different directives.

CakePHP htaccess modification to allow vBulletin

I'm looking to set-up a vBulletin install next to a CakePHP install. I was planning on just popping the the vB folder into webroot, but when accessing the folder in my browser, it loses the short URL (i.e. it goes from .com/community to .com/app/webroot/community)
Because of this I wanted to put the vB folder into the root of the directory, next to the app directory, so I can access it directly via .com/community - but the htaccess file is getting in the way, complaining that it can't find the community controller.
So my question is this - what edits do I need to make to the htaccess file for it to allow access to the /community folder directly.
Thank you
Add the following line to your .htaccess file:
RewriteRule ^(community).* - [NC,L]
This will allow direct access to the community folder which is in root directory. Accessing http://localhost/community would be possible after adding this rule.

Resources