.htaccess not working for apache 2.4 - [Fixed in 3.2.64]

Started by DoctorMunoz, 22.02.2019 17:33:37


DoctorMunoz

When enabling the security option to secure the download folder (configuration -> security, first option, "Download Ordner schützen?" in German) and saving the options,
JDownload creates an .htaccess file which is only suitable for Apache 2.2 or less:

Options -Indexes
Deny from all

This results in all files in the jdownloads folder still being normally accessible via direct access via their path. On Apache 2.4, instead of "Deny from all" it should be "Require all denied".


A solution working for both 2.2 and 2.4 in the .htaccess (borrowed from the, security-wise, typically well-informed Nextcloud) could be to replace the "Deny from all" line by:


# lines below are for Apache 2.4
<IfModule mod_authz_core.c>
Require all denied
</IfModule>

# lines below are for Apache 2.2
<IfModule !mod_authz_core.c>
Deny from all
</IfModule>


JDownload version 3.2.63, Joomla version 3.9.3, Apache 2.4.29, MariaDB 10.3.11, PHP 7.2.15, Ubuntu 18.04.2
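
A static check for the problem reported above, added here as an example (it is not part of the original post and not jDownloads code): it reads an .htaccess file, follows the `IfModule` guards on `mod_authz_core`, and reports which Apache generation gets an explicit deny-all rule. The function names and the `apache_2_2` / `apache_2_4` keys are hypothetical, and as an assumption taken from the post only `Require all denied` is counted as the 2.4 rule and only `Deny from all` as the 2.2 rule.

```python
import re

OPEN = re.compile(r"<IfModule\s+(!?)\s*([\w.]+)\s*>", re.I)
CLOSE = re.compile(r"</IfModule\s*>", re.I)
DENY_24 = re.compile(r"Require\s+all\s+denied$", re.I)
DENY_22 = re.compile(r"Deny\s+from\s+all$", re.I)
AUTHZ_CORE = {"mod_authz_core.c", "authz_core_module"}

# Constructed samples: the file quoted in the post and the proposed replacement.
GENERATED = "Options -Indexes\nDeny from all\n"
PROPOSED = """Options -Indexes
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
deny from all
</IfModule>
"""


def _active(stack, has_authz_core):
    """True if every enclosing IfModule guard holds for this server profile."""
    for module, negated in stack:
        if module not in AUTHZ_CORE:
            return False  # guard on another module: not guaranteed to apply
        if has_authz_core == negated:
            return False  # guard excludes this profile
    return True


def audit_htaccess(text):
    """Report which Apache generation gets an explicit deny-all rule."""
    stack = []
    covered = {"apache_2_2": False, "apache_2_4": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            stack.append((opened.group(2).lower(), opened.group(1) == "!"))
        elif CLOSE.match(line):
            if stack:
                stack.pop()
        elif DENY_24.match(line) and _active(stack, True):
            covered["apache_2_4"] = True
        elif DENY_22.match(line) and _active(stack, False):
            covered["apache_2_2"] = True
    return covered
```

A `False` for `apache_2_4` means the file relies on the legacy directive alone; a direct request for a file in the protected folder confirms what the running server actually does.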

ColinM

Hi
Thank you for the information - very helpful
Colin
Colin M