FilesMatch issue

Discussion in 'General' started by Dmitry, Nov 9, 2013.

  1. Dmitry

    Dmitry New Member

    Hello.

    LSWS and LSAPI last version, CentOS 6.4.

    For test i used such files and directiries:

    www/test/.htaccess
    www/test/index.php
    www/test/....some files else ....

    www/test/test2/.htaccess
    www/test/test2/index.php
    www/test/test2/....some files else ....

    www/test/.htaccess contains
    Code:
    <FilesMatch "\.([Pp][Hh][Pp]|[Cc][Gg][Ii]|[Pp][Ll]|[Pp][Hh][Tt][Mm][Ll])\.?">
       Deny from all
    </FilesMatch>
    
    www/test/test2/.htaccess contains:

    Code:
    <FilesMatch "\.([Pp][Hh][Pp]|[Cc][Gg][Ii]|[Pp][Ll]|[Pp][Hh][Tt][Mm][Ll])\.?">
       Allow from all
    </FilesMatch>
    
    When i request www/test/test2/index.php, i get 403 error. Works www/test/.htaccess but must work www/test/test2/.htaccess which have "Allow from all". Why it does not?
  2. NiteWave

    NiteWave Administrator

    should be same issue described in
    http://www.litespeedtech.com/support/forum/showthread.php?t=6593

    it can be further simplified by:
    www/test/.htaccess
    <Files *>
    Order Allow,Deny
    Deny from all
    </Files>

    www/test/test2/.htaccess
    <Files *>
    Order Allow,Deny
    Allow from all
    </Files>

    access to /test/test2/*
    apache: ok,
    litespeed: deny

    apache's rules looks very complicated:
    http://httpd.apache.org/docs/2.2/sections.html#mergin

    the news is that apache 2.4 not compatible with apache 2.2 as well regarding "Order, Allow, Deny, and Satisfy"

    refer
    http://httpd.apache.org/docs/current/upgrading.html
  3. Dmitry

    Dmitry New Member

  4. NiteWave

    NiteWave Administrator

    the particular issue is fixed -- I logged in the user's server and helped him to resolve the issue and he's satisfied with it.

    if you ask for 100% compatible, usually it's not possible in practice since the complexity. that should be no choice other than stick to apache. there are some big incompatible issues between apache versions as well, mainly 1.x, 2.2 and 2.4

    how to address this issue at the moment,
    1) follow apache 2.2 or
    2) follow apache 2.4 or
    3) document clearly the difference so that user can easily to switch between apache and litespeed with minimum effort and time consuming

    I'm not sure. need further discussion I think. just summary here to emphasize it.
  5. Dmitry

    Dmitry New Member

    It's easy switch to Apache if user have VPS or dedicated server. For shared hosting servers it's impossible. Users come from Apache servers and wont to work with their .htaccess rules. For exapmle, rule from the first post i got from DataLife Engine CMS. I'm not shure that the reason in difference between Apache versions. Child .htaccess must rewrite parent's same rules, but it dos not for Files and FilesMatch on LS.
    If i use simple Allow and Deny without FilesMatch, they work fine.

Share This Page