www.jdownloads.com

0 Members and 1 Guest are viewing this topic.

When enabling the security option to secure the download folder (configuration -> security, first option, "Download Ordner schützen?" in german) and saving the options,
JDownload creates an .htaccess file which is only suitable for Apache 2.2 or less:
Code: [Select]
Options -Indexes
Deny from all
This results in all files in the jdownloads folder still being normally accessible via direct access via their path. On Apache 2.4, instead of
Code: [Select]
Deny from all it should be
Code: [Select]
Require all denied

A solution working for both 2.2 and 2.4 in the .htaccess (borrowed from the, security-wise, typically well-informed nextcloud) could be to replace the "Deny from all" line by:

Code: [Select]
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>

# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>

JDownload version 3.2.63, Joomla version 3.9.3, Apache 2.4.29, MariaDB 10.3.11, PHP 7.2.15, Ubuntu 18.04.2
« Last Edit: 26.02.2019 10:02:21 by Arno »
*
Re: .htaccess not working for apache 2.4
« Reply #1 on: 24.02.2019 09:55:20 »
Hi
Thankyou for the information - very helpful
Colin
Colin M