I'm looking for an Apache configuration, module, or perhaps cgi/php/whatever script to allow users of my website to not only browse directories but also browse right into compressed .zip files (*) in those directories as if they were regular directories.
Background:
I run an Apache web server and one of the services it provides is a simple directory listing to some files that people need access to.
Some of these files are compressed (*) and generally that is good because people normally want to download the whole thing. However it would be really useful if it were also possible to seamlessly browse into the compressed files just as if they were regular folders.
While I could write a cgi script to do this myself, surely this has been done before. Surely, although my web searches have not found one, there's just an Apache module to do it.
Any pointers?
Steve
(*) Using .zip, not .tar.bz2, alas. It's a requirement, don't blame me.
Related
A month ago I purchased a domain & hosting. Besides dabbling in some HTML for fun a few years ago, I didn't have any experience in all this "technical stuff". After a month of "doing my homework", I'm still trying to figure out a few things and I haven't had much luck searching SO or Google...
I've really only been using Filezilla & Notepad up til this point - I've been trying to keep it simple. Browsing my server, I couldn't seem to find the file "httpd.conf" or "php.ini" (among other files & dirs). I've been dabbling in .htaccess as an alternative but I've hit a roadblock since not all configs go in .htaccess files.
I made a phpinfo() script. Within that info, it shows "/etc/php5/cgi/php.ini" - yet this directory isn't shown in filezilla.
I know I must be missing something - how do I back up, access this directory & edit those configuration files?
Thank you so much for your help & deepest apologies if I've made you facepalm :P
-adraedin
If you just purchase hosting (as opposed to a virtual server), you will not usually have access to system-wide configuration files like php.ini or the global httpd configuration directories.
Instead, you can perform a limited subset of configuration through .htaccess files in your directories.
The reason you don't see the configuration directories is that your FTP access only shows you your own directory, neither those of other users on your server, nor the system-wide configuration or other software that might be running there.
Your php.ini file is extremely important. It is highly unrecommended to edit this file unless you know what you're doing. The most likely reason you can't see it is because it is outside of your "privilege zone" (meaning its hidden by your hosting company). This is typically done so that you don't mess with other accounts and domains using the same server.
If you need a change something within the httpd.config or php.ini file, and you can't make the change in your .htaccess, usually you can contact your hosting company and they'll modify the file for you. It really just depends on what you're looking to change/modify/edit.
Most of the time, in regards to your hosting, you can only see your account/domain files. This keeps you restricted to a particular section of the hard drive so you don't start messing with other peoples files/configurations.
I have looked around a great deal on the Drupal forum and elsewhere but I cannot yet resolve this.
I have had to reinstall a large, fully functional site (Drupal 7.18) onto a new server. This has gone very smoothly. However, I do not seem to be able to set permissions for my sites/default/files directory in a manner that keeps it accessible and safe when browsing using the IMCE file browser.
Usually I set sites/default/files (and subdirectories within it) as 755, with files within these directories as 664. This works well on many other Drupal 7 sites I have built.
HOWEVER in this case, with these permissions I get the message "Unable to get a working directory for the file browser".
Only by setting directory permissions as 777 can I browse the files in these directories using IMCE - and I know that is really bad practice on shared hosting.
Please can someone advise on troubleshooting this? I have spent hours but I am getting nowhere.
I wonder if the ownership of the files and directories themselves is wrong. If they are wrong, can anyone direct me to step-by-step instructions for changing them?
Examining the 'problem' files and directories using FireFTP, I see
that both user and group names are the same as the FTP username that
was given me by my web host.
Looking at another Drupal site that works properly, I see that files
and directories in sites/default/files are set to user 531/group 528.
Thanks in anticipation! I am running D7.18 on PHP 5.2.10 with extensions enabled. Everything else seems to be working very well indeed. However, I am not sure I have the Apache or Linux skills needed to resolve this, or even to ask my hosts the correct questions ...
755 basically means that only the owner of the files can modify them, so you could try changing the directory permissions to 775 so that the owner and group can modify.
If you are using shared hosting I suggest you ask your hosting provider to help as they will have a better understanding of the users and groups on the server.
Cheers
The title doesn't really sum it all up...
I have recently installed ModX Revolution 2.2.4 on an Apache server and I am having complications with the cache folder. Occasionally I have to manually clear the cache folder via ftp, but any files written there are owned by Apache and my account can't delete them. I have tried adding the "new_file_permissions" and "new_folder_permissions" to the system settings, but there is no change. The cache files are always owned by Apache and I have no access via ftp.
Also, files such as the .htaccess and really anything I upload (css etc) are seen as uneditable to modx unless I manually change them to 777 via ftp. I can't change owner and group though.
The server tech can't figure it out. This has come up before on the modx forums but it has never been answered.
Obviously, this is a server problem.
I had this problem (with an IIS server though), and the host needed to change some of their settings.
Especially, if MODX works on your different host(s).
That is the way it is supposed to work, your FTP account does not have permission to write files written by apache, your ftp may be a member of the group but does not have write permission. [needed to delete]. I suspect this is by design for security purposes.
Your new_file_permissions, new_folder_permissions are used for the modx file manager.
So you can do a couple of things:
Run modx under fastcgi, that way the user writing the files should be the same user as the ftp user.
OR
write a little script [you can even stuff it in a snippet] that will delete the cache files for you. [since it will be running as the apache user, it should be no problem.
for realtime online tournaments i upload a bunch of html pages, generated by our tournament software. On the webserver i do the things with these files which are needed to do. So the tournament software is "integrated" in our website.
Now we want other people run these tournaments and then they do have to upload these generated html/css files. Via http upload it really is too much work en takes too much time.
I wanted to create another ftp account with only acces to the tournament directory. So far so good.
But, i want to limit the uploading filetypes just to html and css files, so they can only upload static content via ftp (i am just paranoid, i do not want they can upload php files with possible dangerous code or other unxpected filetypes)
is this possible?
Files are just sequences of bytes, the extension has nothing to do, the danger is the way you read them. You must set the uploaded files to be non-executable and you are safe. Even if you set .css files to be uploaded somehow, you cannot check if it is safe or not by only extension, the attacker may have changed the extension by hand. Also, uploading PHP files will not be problem, if you specify an upload folder that Apache does not know, i.e not below your www folder.
I have a directory on my website specifically for javascript files, I want these javascript files to be hidden, so if I type the url to it it says Forbidden or disallows access, but my front-end website files can still access them to execute them when needed. Is there a way to do this through a FTP client?
Cheers,
Dan
You can't do this trough a ftp client. It is the task of your webserver to forbid access to certain files.
If you change permission, the webserver won't have access to them anymore, so this is not the way to go.
You must configure your webserver to restrict the access. If you're using Apache, you can use an .htaccess file. There's different ways of doing this, many depends on the way the webserver is configured.
The easiest is to put an .htaccess file in your Scripts folder which contain only this none line :
deny from all
However, like peeter said, there's a good chance this will break your site, since the browser must access theses files, so you can't restrict access.
Put a htaccess file in your scripts folder containing deny from all, but this will stop your pages from accessing the scripts also (though not if you pass them through the PHP engine first)
You're trying to hide JavaScript files that are executed on the clients side. If a client(browser) cannot access the files means non of your javascript code is executed.
If I understood your question correctly then you cannot achieve what you're trying to achieve.