folder protection problem
Hello.
One of our clients has in /public_html file .htaccess which consists of line:
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
The thing is this rewrite condition makes that .htaccess with protection rules in /public_html/protected_folder doesn't work.
Any idea how to solve this without modification of line:
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
Is this users site a joomla site?
Htaccess examples (security - Joomla! Documentation)
Yes, there is joomla. This rewrite condition provides friendly urls for robots, for example it is creating links like pageaddress.com/graphics/super-graphic-program/ so we cannot edit or remove this line from htaccess.
Any idea to protect directory inside of public_html with this htaccess?
Did you look at the link above? The line you mention is listed there for blocking exploits. If this particular line is causing you problems you might want to try remarking it out from the htaccess file and see if that solves your problems.
From that link above:
Change it to:Code:# Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
Code:# Block out any script trying to modify a _REQUEST variable via URL # RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
I don't have a live Joomla site to test on but I don't recall this line being a problem for Joomla sites (and htaccess) in the past.
The thing is when i comment this line (as i tested it before) the whole portal stops working. Links like myportaldomain.com/graphic/graphic-editors/something aren't working. I thought these lines makes robots friendly links.
So:
When i put this line into a comment, .htaccess with password protection in public_html/somefolder works correct,
but whole joomla portal isn't working - links like i wrote before mydomainportal.com/something/this-and-that aren't working.
When i uncomment this line links are ok, but when i go to public_html/somefolder i get 404 on index.php,
here is whole .htaccess in public_html (yes this is joomla):
Code:Options +FollowSymLinks RewriteEngine On RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] RewriteCond %{REQUEST_URI} (/|.htm|.php|.html|/[^.]*)$ [NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L] RewriteBase / DirectoryIndex index.php php_flag register_globals off php_flag display_errors off Options -indexes <Files 403.shtml> order allow,deny allow from all </Files>
Last edited by tttomasz; 02-11-2010 at 10:06 AM.
LinkBack URL
About LinkBacks
Reply With Quote