jDownloads Support Forum

Older Versions => jDownloads 3.2 (Support ended) => Bugs => Topic started by: DoctorMunoz on 22.02.2019 17:33:37

Title: .htaccess not working for apache 2.4 - [Fixed in 3.2.64]
Post by: DoctorMunoz on 22.02.2019 17:33:37
When enabling the security option to secure the download folder (configuration -> security, first option, "Download Ordner schützen?" in german) and saving the options,
JDownload creates an .htaccess file which is only suitable for Apache 2.2 or less:

Options -Indexes
Deny from all

This results in all files in the jdownloads folder still being normally accessible via direct access via their path. On Apache 2.4, instead of Deny from all it should be Require all denied


A solution working for both 2.2 and 2.4 in the .htaccess (borrowed from the, security-wise, typically well-informed nextcloud) could be to replace the "Deny from all" line by:


# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>

# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>


JDownload version 3.2.63, Joomla version 3.9.3, Apache 2.4.29, MariaDB 10.3.11, PHP 7.2.15, Ubuntu 18.04.2
Title: Re: .htaccess not working for apache 2.4
Post by: ColinM on 24.02.2019 09:55:20
Hi
Thankyou for the information - very helpful
Colin