What are security issues if using blank htaccess? :: Archived

Tonic · Newbie Offline Joined: Jul 20, 2004 Posts: 40

When I installed cpg nuke a few days ago, I had been getting 500 internal server errors, read up on these forums that it could be the .htaccess file... so I made the file blank, and it works now.

What is this going to do with the security of my website?

I know this is the wrong forum to mention this but: How should I modify my .htaccess file(s) to work with my server? (web hosted, not local.)

Thanks in advanced for all help and answers!

Phoenix

Don't make it blank - you may only need to comment out the last line, which has worked for others, like below. Leaving it blank is like parking an expensive new car in a bad neighborhood, with the keys in the ignition.

#Options -Indexes

btw, this is the correct forum, but you need to provide more info about OS/Apache/PHP/MySQL versions if you want help - what's in your profile is useless.

Tonic · Newbie Offline Joined: Jul 20, 2004 Posts: 40

bah it did not work... here is my server info:

PHP Version 4.3.4
FreeBSD-Server version: Apache/1.3.29 (Unix)
MySQL 4.0.13

php info @ www.tonic-discharge.com/info.php

Phoenix

ask your host to enable mod_rewrite

Śyama_Dāsa

try just this

Code::

<limit GET PUT POST>
order allow,deny
allow from all
</limit>

# deny most common except .php
<filesmatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">
deny from all
</filesmatch>

#Disable .htaccess viewing from browser
<files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</files>

<files ~ "\config.php$">
deny from all
</files>

# You can change to yoursite.com
ErrorDocument 403 /error.php?403
ErrorDocument 404 /error.php?404

Do you know if php is running as a module or as cgi?

Tonic · Newbie Offline Joined: Jul 20, 2004 Posts: 40

cgi - and mod_rewrite is enabled. going to test script... I'll post if works.

Tonic · Newbie Offline Joined: Jul 20, 2004 Posts: 40

awsome, worked. Thanks akamu Smile

Phoenix

Guess you didn't apply the change I provided - commenting out is exactly the same result.

rusty_blade

OK, I posted this a while ago. I have been getting frequent errors on my server, but no one said how to modify the .htaccess. So I did it the way akamu posted, and I will tell you later if I see any errors later on.

tour93

Tonic said he is using php in cgi mode. My host told me I need to use php.ini instead of .htaccess. Anybody had to do that before?

jody · Newbie Offline Joined: Jul 16, 2004 Posts: 6

I'm kinda in the same boat.

I have installed Power Movie List. I couldn't get it to work properly with the .htaccess in my root (from CPG Nuke), even though PML created a .htaccess in its own directory. I found out (through trial & errorS) that it was my .htacess in my root that was "overidding" it. I emptied it out.

What should I have in there if I want my PML to work properly?

Tonic · Newbie Offline Joined: Jul 20, 2004 Posts: 40

Phoenix wrote:

Guess you didn't apply the change I provided - commenting out is exactly the same result.

Well I tired to remove what you told me to, maybe I had removed too much, or not enough... When I did compare the two htaccess (origonal exempt the last line) and the one akamu provided they looked identical... I tried it anyway, and it had worked... dunno what I had done wrong than Rolling Eyes

Thank you both for the help Smile

chris333

i have the same problem as some guys here, but i installed the latest cvs, if i use the htaccess i get the "Internal Server Error" error, what's wrong?

my testsite is here: www.yoohoo.lu/cpgn9/

NEMINI · Diamond Supporter Offline Joined: Apr 22, 2004 Posts: 4551

change:

Code::

php_flag register_globals 0

tp

Code::

#php_flag register_globals 0

chris333

GMINI03 wrote:

change:

Code::

php_flag register_globals 0

tp

Code::

#php_flag register_globals 0

thx,

could you also explain to me what have i done if i don't use that line, do i miss something? the other question why does every use the file and has no problems but i have to remove that line? is it a problem with my server software?