www.jdownloads.com
« previous next »
Pages: [1]   Go Down

0 Members and 1 Guest are viewing this topic.

*
.htaccess not working for apache 2.4 - [Fixed in 3.2.64]
« on: 22.02.2019 17:33:37 »
When enabling the security option to secure the download folder (configuration -> security, first option, "Download Ordner schützen?" in german) and saving the options,
JDownload creates an .htaccess file which is only suitable for Apache 2.2 or less:
Code: [Select]
Options -Indexes
Deny from all
This results in all files in the jdownloads folder still being normally accessible via direct access via their path. On Apache 2.4, instead of
Code: [Select]
Deny from all it should be
Code: [Select]
Require all denied

A solution working for both 2.2 and 2.4 in the .htaccess (borrowed from the, security-wise, typically well-informed nextcloud) could be to replace the "Deny from all" line by:

Code: [Select]
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>

# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>

JDownload version 3.2.63, Joomla version 3.9.3, Apache 2.4.29, MariaDB 10.3.11, PHP 7.2.15, Ubuntu 18.04.2
« Last Edit: 26.02.2019 10:02:21 by Arno »
Logged
*
Re: .htaccess not working for apache 2.4
« Reply #1 on: 24.02.2019 09:55:20 »
Hi
Thankyou for the information - very helpful
Colin
Logged
Colin M
Pages: [1]   Go Up
« previous next »
 

Legal Notice
Privacy Police
Contact