Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

htaccess problems

  1. Home
  2. Forum
  3. Increasing Security
  4. htaccess problems

ghost's Avatar

ghost

0 0

Im trying to set up some pretty simple .htaccess configurations on my server, but am having some pretty confusing problems. Here is the file I have so far…

<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files ~ "\.txt$">
Order allow,deny
Deny from all
</Files>

IndexIgnore *

All I am trying to do is disable all dir listing, stop access from the url bar to files with a .txt extension, and of course prevent the htaccess file itself from being accessed.

I have put this file in the root of my server, so it should affect all files and folders on it (so I gather), but I have observed some pretty odd behavior.

If I access a folder on my server, I get a directory listing (www.server.com/folder) If I access a .txt file in that folder, it gets denied (www.server.com/folder/test.txt) If I access another subfolder, I get a listing (www.server.com/folder/folder) If I access a file in that subfolder, I can view the contents (www.server.com/folder/folder/test.txt)

Can anyone see why this isnt working? I shouldnt be seeing these directory listings at all, and the .txt access is really confusing me…

Any help is much appreciated.

Cheers, JJ


clone4's Avatar

clone4

Perl-6 Wisdom Seeker
0 0

check your httpd.conf file, search for htaccess string and you should find AllowOverride None directive. Change it to All, and restart the server ;) Oh and maybe instead of IndexIgnore *, you could use Options -Indexes, which will return 403 forbidden rather then empty index…

Also httpd.config denies by default access to htaccess files, so no necessity to include that…


ghost's Avatar

ghost

0 0

Nice one :D

For some reason my httpd.conf seems pretty empty, theres only 5 lines, no comments or anything I expected to see.. Installed from an apt repo as well.

edit Still no joy, I have placed the following lines in my httpd.conf:

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

But still no luck…


clone4's Avatar

clone4

Perl-6 Wisdom Seeker
0 0

jjbutler88 wrote:

For some reason my httpd.conf seems pretty empty, theres only 5 lines, no comments or anything I expected to see.. Installed from an apt repo as well.

That certainly isn't right… Check this http://www.devside.net/guides/config/linux/httpd-conf. I'd send you mine, but currently I'm working under windows


clone4's Avatar

clone4

Perl-6 Wisdom Seeker
0 0

MoshBat wrote: Repos are tailored for the OS, not your use…

but still 5 lines for a server config file seems a little weird to me…

@jjbutler: Have you restarted the server? (I know trivial, but I often forget to do that)

Also:

<Directory "here should be full path to your www folder">
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all

</Directory>

ghost's Avatar

ghost

0 0

Yeah, I have absolutely no idea how my apache was running with a 5 line config file, got the full version modified now, fixing it up for the errors then gonna give it a spin.


ghost's Avatar

ghost

0 0

Solved! Props to moshbat and clone4 for the help.

The real problem resided in the file '/etc/apache2/sites-available/default'. After changing the AllowOverride to All in there, everything was ok.

Cheers guys :D