The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

folder protection problem

Discussion in 'General Discussion' started by tttomasz, Feb 10, 2010.

  1. tttomasz

    tttomasz Member

    Joined:
    May 18, 2007
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hello.

    One of our clients has in /public_html file .htaccess which consists of line:
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

    The thing is this rewrite condition makes that .htaccess with protection rules in /public_html/protected_folder doesn't work.

    Any idea how to solve this without modification of line:
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. tttomasz

    tttomasz Member

    Joined:
    May 18, 2007
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Yes, there is joomla. This rewrite condition provides friendly urls for robots, for example it is creating links like pageaddress.com/graphics/super-graphic-program/ so we cannot edit or remove this line from htaccess.

    Any idea to protect directory inside of public_html with this htaccess?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you look at the link above? The line you mention is listed there for blocking exploits. If this particular line is causing you problems you might want to try remarking it out from the htaccess file and see if that solves your problems.

    From that link above:



    Code:
    # Block out any script trying to modify a _REQUEST variable via URL
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    Change it to:

    Code:
    # Block out any script trying to modify a _REQUEST variable via URL
    [B]#[/B] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

    I don't have a live Joomla site to test on but I don't recall this line being a problem for Joomla sites (and htaccess) in the past.
     
  5. tttomasz

    tttomasz Member

    Joined:
    May 18, 2007
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    The thing is when i comment this line (as i tested it before) the whole portal stops working. Links like myportaldomain.com/graphic/graphic-editors/something aren't working. I thought these lines makes robots friendly links.

    So:

    When i put this line into a comment, .htaccess with password protection in public_html/somefolder works correct,
    but whole joomla portal isn't working - links like i wrote before mydomainportal.com/something/this-and-that aren't working.

    When i uncomment this line links are ok, but when i go to public_html/somefolder i get 404 on index.php,

    here is whole .htaccess in public_html (yes this is joomla):

    Code:
    
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR]
    RewriteCond %{REQUEST_URI} (/|.htm|.php|.html|/[^.]*)$  [NC]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule (.*) index.php
    
    
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]
    
    RewriteBase /
    
    DirectoryIndex index.php
    php_flag register_globals off
    php_flag display_errors off
    
    Options -indexes
    
    <Files  403.shtml>
    order  allow,deny
    allow from all
    </Files>
    
    
     
    #5 tttomasz, Feb 11, 2010
    Last edited: Feb 11, 2010
Loading...

Share This Page