News:

Support for jDownloads 3 has been ended
Since 17 August 2023 Joomla.org has discontinued support for Joomla 3.x. Therefore, we will no longer offer official support for our Joomla 3 jDownloads version 3.9.x from January 2024.
Please update your website to the latest Joomla version (Joomla 4 or Joomla 5) as soon as possible. Afterwards, please update jDownloads to the latest published version. The longer you delay, the more difficult the upgrade process for your website is likely to be.

Main Menu
Support-Forum

.htaccess not working for apache 2.4 - [Fixed in 3.2.64]

Started by DoctorMunoz, 22.02.2019 17:33:37

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

DoctorMunoz

22.02.2019 17:33:37 Last Edit: 26.02.2019 10:02:21 by Arno
When enabling the security option to secure the download folder (configuration -> security, first option, "Download Ordner schützen?" in german) and saving the options,
JDownload creates an .htaccess file which is only suitable for Apache 2.2 or less:
Code Select

Options -Indexes
Deny from all

This results in all files in the jdownloads folder still being normally accessible via direct access via their path. On Apache 2.4, instead of
Code Select
Deny from all it should be
Code Select
Require all denied


A solution working for both 2.2 and 2.4 in the .htaccess (borrowed from the, security-wise, typically well-informed nextcloud) could be to replace the "Deny from all" line by:

Code Select

# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>

# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>


JDownload version 3.2.63, Joomla version 3.9.3, Apache 2.4.29, MariaDB 10.3.11, PHP 7.2.15, Ubuntu 18.04.2
  •  

ColinM

#1
24.02.2019 09:55:20
Hi
Thankyou for the information - very helpful
Colin
Colin M
  •  
Print
Go Up Pages1
User actions