Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Htaccess preventing file uploads?

Discussion in 'Security' started by bugetarul, May 19, 2018.

  1. bugetarul

    bugetarul Member

    Joined:
    Jul 19, 2014
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi
    the .htaccess settings block my upload of files. installing joomla modules.
    but I do not know which settings are causing me problems
    thank you


    Code:
    ##
    # @package        Joomla
    # @copyright    Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
    # @license        GNU General Public License version 2 or later; see LICENSE.txt
    ##
    
    ##
    # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
    #
    # The line just below this section: 'Options +FollowSymLinks' may cause problems
    # with some server configurations.  It is required for use of mod_rewrite, but may already
    # be set by your server administrator in a way that dissallows changing it in
    # your .htaccess file.  If using it causes your server to error out, comment it out (add # to
    # beginning of line), reload your site in your browser and test your sef url's.  If they work,
    # it has been set by your server administrator and you do not need it set here.
    ##
    
    ## Can be commented out if causes errors, see notes above.
    Options +FollowSymLinks
    
    ## Mod_rewrite in use.
    
    RewriteEngine On
    
    ## Begin - Rewrite rules to block out some common exploits.
    # If you experience problems on your site block out the operations listed below
    # This attempts to block the most common type of exploit `attempts` to Joomla!
    #
    # Block out any script trying to base64_encode data within the URL.
    RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
    # Block out any script that includes a <script> tag in URL.
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    # Block out any script trying to set a PHP GLOBALS variable via URL.
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block out any script trying to modify a _REQUEST variable via URL.
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # Return 403 Forbidden header and show the content of the root homepage
    RewriteRule .* index.php [F]
    #
    ## End - Rewrite rules to block out some common exploits.
    
    ## Begin - Custom redirects
    #
    # If you need to redirect some pages, or set a canonical non-www to
    # www redirect (or vice versa), place that code here. Ensure those
    # redirects use the correct RewriteRule syntax and the [R=301,L] flags.
    #
    ## End - Custom redirects
    
    ##
    # Uncomment following line if your webserver's URL
    # is not directly related to physical file paths.
    # Update Your Joomla! Directory (just / for root).
    ##
    
    # RewriteBase /
    
    ## Begin - Joomla! core SEF Section.
    #
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    #
    # If the requested path and file is not /index.php and the request
    # has not already been internally rewritten to the index.php script
    RewriteCond %{REQUEST_URI} !^/index\.php
    # and the request is for something within the component folder,
    # or for the site root, or for an extensionless URL, or the
    # requested URL ends with one of the listed extensions
    RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
    # and the requested path and file doesn't directly match a physical file
    RewriteCond %{REQUEST_FILENAME} !-f
    # and the requested path and file doesn't directly match a physical folder
    RewriteCond %{REQUEST_FILENAME} !-d
    # internally rewrite the request to the index.php script
    RewriteRule .* index.php [L]
    #
    ## End - Joomla! core SEF Section.
    
    # php -- BEGIN cPanel-generated handler, do not edit
    # Set the “ea-php72” package as the default “PHP” programming language.
    <IfModule mime_module>
      AddType application/x-httpd-ea-php72 .php .php7 .phtml
    </IfModule>
    # php -- END cPanel-generated handler, do not edit
    
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,161
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might try renaming that .htaccess to .htaccess.txt and then see if uploads work. I don't think that file is related to your issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. bugetarul

    bugetarul Member

    Joined:
    Jul 19, 2014
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    You are right. it's not that.
    do you have any idea what can be? I have applied some measures that aim to keep uploading and how I do not know which one

    Copy failed: /home/user/public_html/tmp/install_5b00f8682a684/packages/install_5b00f8685f681/en-GB.plg_system_eprivacy.ini to /home/user/public_html/administrator/language/en-GB/en-GB.plg_system_eprivacy.ini


    and so on
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,672
    Likes Received:
    1,788
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @bugetarul,

    Can you let us know of any specific output to /usr/local/apache/logs/error_log or to the error_log file within the document root of the website when the upload attempt fails?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice