How do I find the "top - level" .htaccess file? - .htaccess

I have roundcube installed on a server I'm working on now. But the rules that deny access to 3 files as shown here, in the roundcube root, aren't being applied. I know this because I can browse the config, temp and logs files via a browser.
Am I right to assume that there's another .htaccess file not allowing these rules to be applied?
And if yes, how do I find this file and make sure that the rules are applied?
If no, what else would cause this kind of behaviour?
The server is running Ubuntu 14.04
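
An added example, not part of the original post: one way to check the two things the question asks about, namely which .htaccess files sit between the document root and a directory, and whether the server configuration lets them take effect at all. The configuration text and its paths are constructed samples, the function names are hypothetical, and only literal `<Directory>` paths are handled.

```python
import os
import re

# Constructed sample of an Apache 2.4 configuration; all paths are placeholders.
SAMPLE_CONF = """
<Directory /var/www/>
    AllowOverride None
</Directory>
<Directory /var/www/mail/>
    AllowOverride Limit AuthConfig
</Directory>
"""

def effective_allowoverride(conf_text, directory):
    """Return the AllowOverride value in force for `directory`.

    <Directory> sections merge from shortest to longest path, so the longest
    matching section that sets AllowOverride decides. Assumption: literal
    paths only (no wildcard or regex sections, no Include handling).
    """
    target = os.path.normpath(directory)
    best_len, value = -1, "None"  # default since Apache 2.3.9 when unset
    sections = re.findall(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>',
                          conf_text, re.S | re.I)
    for path, body in sections:
        path = os.path.normpath(path.strip())
        inside = target == path or target.startswith(path.rstrip("/") + "/")
        setting = re.search(r"^\s*AllowOverride\s+(.+?)\s*$", body, re.M | re.I)
        if inside and setting and len(path) > best_len:
            best_len, value = len(path), setting.group(1)
    return value

def htaccess_chain(docroot, directory):
    """List existing .htaccess files from docroot down to `directory`, in the
    order Apache reads them; directives in a deeper file override a shallower one."""
    docroot, directory = os.path.realpath(docroot), os.path.realpath(directory)
    if os.path.commonpath([docroot, directory]) != docroot:
        raise ValueError("directory is not under docroot")
    rel = os.path.relpath(directory, docroot)
    found, current = [], docroot
    for part in [""] + ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part) if part else current
        candidate = os.path.join(current, ".htaccess")
        if os.path.isfile(candidate):
            found.append(candidate)
    return found
```

A result of `None` from `effective_allowoverride` means every file returned by `htaccess_chain` for that directory is ignored, whatever it contains.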

Related

Valet not working on kali linux. Redirecting to htdocs

I installed valet on Kali Linux, and pinged a test domain to make sure it's working, which it is. However, after running valet park in the folder directory that I have my files, it redirects me to the xampp dashboard whenever I access the route in the browser. I know very well to type the folder name followed by a .test domain. I've tried almost everything online. I see this is a popular issue and I've gone through every possible solution I see online. It's still not working. I tried to rename the index.php file in the htdocs folder, which gets rendered automatically whenever you access the htdocs folder; now it only lists the folder structure for me as a result. I tried to move the project out of htdocs; still not working. I stopped apache and tried accessing it again, but unfortunately I got "This site can't be reached".
No response.. Well, fortunately I was able to fix it, not sure it's the best way. But hopefully this might help someone: I configured ssl on the domain with valet using valet secure foo.bar and it automatically redirects to https. That way, I was able to escape from xampp.

Cpanel is not giving me option to change the root directory for one of my domains

I need to change the root directory for one of my domains,
But in my cPanel I don't find any options, just hard cores of system, but I have very basic knowledge about systems and servers.
How can I change that directory as easily as possible? I just need to change something because I'm going to install laravel, and I want to change the public html to the public of laravel.
I was looking for the file that has the apache config, but it says something like "the current config doesn't need to be changed or updated, because it can be overridden", so I thought maybe in cPanel I have an option for this.
Thanks. By the way, I have a VPS, not shared, using CentOS 7.9.
Thanks and good night ^^
In cPanel, you can't change the main domain's directory/document root. If you want to change the document root, just change the main domain to another/random domain. Then add the domain whose root directory you want to change as an addon domain.
Overriding the Apache config is not recommended. It may break your system. WHM/cPanel exists to manage domains without system admin knowledge.
Did you try changing this using the console in CentOS?
Maybe it would be better to use the console and open the file that contains the directory root.

Securing directory on hosting server

I am writing some PHP scripts that I am using for personal reasons. One thing I noticed is that if I type in the directory in the browser, I am able to see all files in the directory.
How can I prevent the browser from viewing any of the files in a directory? I want to be able to send requests to the server and let the server run the script. Can someone point me in the right direction? Should I configure the .htaccess file? If so, what should I be looking for?
FYI: I am on a shared hosted server.
The fast way to do that is to create an .htaccess file, e.g. under /public_html/,
and put this code inside it:
Options -Indexes
See "all about .htaccess" for more information.

.htaccess not working with .cfm pages on Railo

I want to do some very basic .htaccess stuff like block a directory by IP address. I know why this problem is happening, I just don't know how to fix it. I've read every post I can and there doesn't seem to be a consensus on how to fix it. Railo/Tomcat is grabbing control of the page before .htaccess rules are applied.
I am running CentOS with Railo / Tomcat / Apache. I believe I am using mod_cfml, at least that's what's under the connector folder.
I have tried putting my .htaccess files in httpd.conf without any luck. I'm not sure I was doing that correctly, but I dropped the code into the virtual domain section of the site I'm working on.
Has anyone got this to work properly?
On IIS you can change the order modules run in, which would solve that issue, as you would tell the htaccess module to run before mod_cfml.
Can you do that on Apache?

Is there a security difference between storing files outside of the DocumentRoot versus "deny from all" htaccess directives?

Knowing that a deny from all directive will traverse all sub-directories and files below it, and ignoring the obvious caveats of "if you forget" to copy the .htaccess file or if you typo creating an .htaccess file...
Is there a risk in security between storing non-public files outside of the DocumentRoot versus placing an .htaccess file with a deny from all directive in each non-public directory in the DocumentRoot?
There are a few things to consider here:
.htaccess is only going to protect your file from access over the web. For example, suppose you have a typical FTP server setup with virtual users who are restricted to the document root. If an attacker gains access to your FTP server (which is not that far-fetched given how insecure most FTP configurations are), they will have access to both the .htaccess file and any of your protected files that are in the document root.
That was just one example that may not apply to your environment, but the idea that I'm really trying to get at is that .htaccess files don't give you that much depth in your security. They protect you in one context (access over the Internet) but not in others.
Your server administrator has the ability to disable specific .htaccess directives, to disable certain Apache modules (which your .htaccess file may use), and even to disable the use of .htaccess files period. If you don't have control over your Apache configuration (which I'm assuming is the case since you're choosing to overwrite it with an .htaccess file), you also don't really have control over whether your .htaccess file is going to be respected. It really comes down to your relationship with your host/server administrator and what they decide to allow.
Finally, if the .htaccess file is writable by the user your Apache server is running as, a determined hacker can modify that file. E.g. if you're using WordPress, many popular themes will demand write access to the .htaccess file so that they can control URL rewriting. I'd imagine some other Content Management Systems do the same.
With all that said, using an .htaccess file (or directly altering your Apache configuration files) may still be a perfectly valid security measure for you. It depends on what your environment as a whole looks like -- how your server is configured, what you're trying to protect, etc. Hopefully I at least gave you some things to think about.
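
An added example, not part of the original answer: a small audit for the last point above, listing every .htaccess under a document root that the web server account could rewrite. The function names are hypothetical; the caller supplies the account's uid and group ids, and the check uses mode bits only.

```python
import os
import stat

def writable_by(st, uid, gids):
    """True if an account with this uid and these gids may write the object,
    judged from owner/group/other mode bits only (ACLs, the sticky bit and
    root's override are not considered)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_htaccess(docroot, web_uid, web_gids):
    """Walk docroot and report each .htaccess the web server account could
    change, either directly or by replacing it via a writable directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        reasons = []
        if writable_by(os.stat(path), web_uid, web_gids):
            reasons.append("file writable")
        if writable_by(os.stat(dirpath), web_uid, web_gids):
            reasons.append("parent directory writable")
        if reasons:
            findings.append((path, reasons))
    return sorted(findings)
```

An empty result means the access rules cannot be edited by code running as the web server; it says nothing about the other access paths the answer mentions, such as FTP.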
