|
|
03-04-2010, 12:42 PM
|
|
New Member
|
|
Join Date: Mar 2010
Posts: 2
|
|
[Resolved] htaccess file directives in subdirectories
I have the following htaccess file configured for one of my user's websites in /home/username/public_html/store:
Options -Indexes
<Files ~ "\.php$">
order allow,deny
deny from all
</Files>
So this will basically block php files from being accessed in this directory and all subdirectories when I visit mydomain.com/store (and any subdirectories within it)
Now I have a subdirectory within /store called /store/myimages and need to access php files in here so I placed the following .htaccess file within /home/username/public_html/store/myimages:
Options +Indexes
<Files ~ "\.php$">
order allow,deny
allow from all
</Files>
allow from all
What should happen is that the htaccess in this subdirectory should override the file directive in the directory above it. However, this does not work. I tested this exact same setup in Apache and it does work, but not on Litespeed. Any suggestions?
Last edited by NiteWave; 05-11-2010 at 06:06 PM..
|
03-05-2010, 03:59 AM
|
|
LiteSpeed Staff
|
|
Join Date: Sep 2009
Posts: 2,218
|
|
a suggestion: using RewriteRule instead of Files,order,allow/deny from
in /home/username/public_html/store/.htaccess
Code:
Options -Indexes
RewriteEngine On
RewriteRule \.php$ - [F]
in /home/username/public_html/store/myimages/.htaccess
Code:
Options +Indexes
RewriteEngine On
RewriteRule \.php$ -
|
03-05-2010, 01:22 PM
|
|
LiteSpeed Staff
|
|
Join Date: May 2003
Location: New Jersey
Posts: 7,585
|
|
|
Or, use
php_value engine off
and
php_value engine on
in .htaccess to control PHP support.
|
05-06-2010, 08:30 PM
|
|
Senior Member
|
|
Join Date: May 2007
Posts: 237
|
|
|
Wait, litespeed doesn't support "deny from all" ?
Or it doesn't support Files/FilesMatch ?
(or both?)
|
05-09-2010, 09:36 PM
|
|
Senior Member
|
|
Join Date: May 2007
Posts: 237
|
|
Well I have all those override options checked.
And this simply doesn't do anything
Code:
<Files config.php>
order allow,deny
deny from all
</Files>
config.php can still be requested via http
possibly a parent rule interfering?
if I remember correctly litespeed has an issue with inherit
this works
Code:
RewriteCond %{SCRIPT_FILENAME} config\.php$ [NC]
RewriteRule .* - [F]
however it bothers me there is not full apache compatibility via files/deny from all
Last edited by aww; 05-09-2010 at 09:53 PM..
|
05-09-2010, 11:12 PM
|
|
LiteSpeed Staff
|
|
Join Date: Sep 2009
Posts: 2,218
|
|
I did more tests on 4.0.14 standard, using exactly same lines as yours:
Code:
<Files config.php>
order allow,deny
deny from all
</Files>
in vhost level when AllowOverride any one of Limit/Auth/FileInfo/Indexes/Options
is checked, "deny from all" will take effect, return
403 Forbidden
Access to this resource on the server is denied!
however, if "None" is checked, or no check at all, "deny from all" won't take effect, the result is what you experienced.
I'll test on apache soon.
|
05-10-2010, 12:18 AM
|
|
LiteSpeed Staff
|
|
Join Date: Sep 2009
Posts: 2,218
|
|
appache 2.2.14
when AllowOverride Options/FileInfo/AuthConfig/Indexes (one of them)
return
Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
...
|
when AllowOverride All/Limit (one of them)
return
Quote:
Forbidden
You don't have permission to access /test.html on this server.
|
when AllowOverride None ,return normal result. -- "deny from all" is ignored.
summary for apache, when virtual host level AllowOverride is set to All/Limit, "deny from all" take effect, will return "403 Forbidden" -- as expected. when AllowOverride Limit is not explicitly set but other AllowOverride option is set, the return result looks undefined -- "500 Internal Server Error" in my test.
here's apache's docs:
http://httpd.apache.org/docs/2.0/mod...#allowoverride
"When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem."
"Default: AllowOverride All"
|
05-10-2010, 01:17 AM
|
|
Senior Member
|
|
Join Date: May 2007
Posts: 237
|
|
|
Sorry for not being clear, I am not checking "none" but all the others are checked.
I will try this on a clean vhost, there must be something else interfering, hard to track down.
|
05-10-2010, 01:46 AM
|
|
Senior Member
|
|
Join Date: May 2007
Posts: 237
|
|
Okay I found the problem and it's likely my fault.
I had another rule with Order deny,allow (instead of allow,deny) AFTER this config.php rule.
So apparently the effect is cumulative and litespeed goes through ALL the rules before making a decision, instead of failing the file right away.
Not sure if that is how apache behaves (easyapache no longer builds for me so I can't test)
Does apache die immediately or wait to see what other rules do?
try putting this AFTER the config.php rule
Code:
<Files *>
order deny,allow
deny from 4.4.4.4
</Files>
it works properly if I move it BEFORE the config.php
I guess I am used to mod-rewrite which will die immediately when told to do so.
ps. just out of curiosity does lsws support SetEnvIf and allow from env=
Last edited by aww; 05-10-2010 at 01:49 AM..
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 08:42 PM.
|
|
