thebodster / clients-oriented-ftp

Automatically exported from code.google.com/p/clients-oriented-ftp

Files all viewable if Apache's AllowOverride is None #516

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Install as normal and have AllowOverride None in your site config for Apache

What is the expected output? What do you see instead?
The upload/files folder is now viewable and is not blocked by the 
upload/.htaccess file.

What version of the product are you using? On what operating system?
r561 on Ubuntu Server, which has the default configuration for /var/www to be 
AllowOverride None.

Please provide any additional information below.
This could be fixed by providing an index.php file in upload/files and 
disallowing the upload of any file with that name to the system, which would 
not be a bad idea in itself.

If that is not an option, the installer should warn that AllowOverride is not 
working and that it should be remedied.

Original issue reported on code.google.com by acerbus...@gmail.com on 7 Dec 2014 at 10:18

GoogleCodeExporter commented 9 years ago
AllowOverride None disables the .htaccess files from being used throughout the 
website. Your Apache config is wrong.

Attached a -working- example.

Original comment by crashf...@gmail.com on 13 Jan 2015 at 8:36

GoogleCodeExporter commented 9 years ago
I am aware of this, but the installation does not warn against it, so there 
should be a fallback such as a blank index.html or index.php to prevent 
misconfigured servers ruining all file security.

Original comment by acerbus...@gmail.com on 15 Jan 2015 at 6:10
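
The thread asks for a way to notice when the deny rule in upload/.htaccess is not being applied. One way to test that from outside the web server, as an added example that is not code from the project: write a random canary file into the upload directory and request it over HTTP. The function names, the canary naming, the .htaccess content and the two local demo servers are assumptions made for illustration.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

def probe_upload_dir(fs_dir, base_url, timeout=5):
    """Drop a random canary file into fs_dir, then try to fetch it over HTTP.
    Returns 'exposed', 'blocked' or 'unknown'."""
    name = "probe-%s.txt" % secrets.token_hex(8)
    token = secrets.token_hex(16).encode()
    path = os.path.join(fs_dir, name)
    with open(path, "wb") as fh:
        fh.write(token)
    # Talk to the server directly; ignore any proxy set in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(base_url.rstrip("/") + "/" + name, timeout=timeout) as resp:
            # A response carrying our token means the deny rule is not applied.
            return "exposed" if token in resp.read() else "unknown"
    except urllib.error.HTTPError as err:
        return "blocked" if err.code in (401, 403, 404) else "unknown"
    except OSError:  # URLError is an OSError: unreachable host, timeout
        return "unknown"
    finally:
        os.remove(path)

class DenyAll(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a server that honours a deny-all .htaccess."""
    def do_GET(self):
        self.send_error(403)

def demo():
    """Constructed demo: one directory behind a server that ignores .htaccess
    (as Apache does under AllowOverride None) and behind one that denies."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, ".htaccess"), "w") as fh:
            fh.write("Deny from all\n")  # constructed content, not the project's file
        ignoring = functools.partial(http.server.SimpleHTTPRequestHandler, directory=d)
        for handler in (ignoring, DenyAll):
            srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            results.append(probe_upload_dir(d, "http://127.0.0.1:%d/" % srv.server_port))
            srv.shutdown()
            srv.server_close()
    return results

if __name__ == "__main__":
    print(demo())  # ['exposed', 'blocked']
```

Against a real installation, `fs_dir` would be the on-disk upload/files directory and `base_url` the URL it is served under; an `exposed` result is the condition this issue describes.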