.htaccess not working for apache 2.4 - [Fixed in 3.2.64]

DoctorMunoz · 22.02.2019 17:33:37

When enabling the security option to secure the download folder (configuration -> security, first option, "Download Ordner schützen?" in german) and saving the options,
JDownload creates an .htaccess file which is only suitable for Apache 2.2 or less:

Code Select


Options -Indexes
Deny from all

This results in all files in the jdownloads folder still being normally accessible via direct access via their path. On Apache 2.4, instead of

Code Select

Deny from all it should be

Code Select

Require all denied

A solution working for both 2.2 and 2.4 in the .htaccess (borrowed from the, security-wise, typically well-informed nextcloud) could be to replace the "Deny from all" line by:

Code Select


# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>

# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>

JDownload version 3.2.63, Joomla version 3.9.3, Apache 2.4.29, MariaDB 10.3.11, PHP 7.2.15, Ubuntu 18.04.2

ColinM · 24.02.2019 09:55:20

Hi
Thankyou for the information - very helpful
Colin

jDownloads Support Forum

News:

.htaccess not working for apache 2.4 - [Fixed in 3.2.64]

DoctorMunoz

ColinM