I may need to modify our .htaccess file. Problem is I can't find it. We have several subdomains along side each other in the vhosts directory, and each subdomain has an associated .htpasswd file. How can find where the .htaccess file is.
Obviously, I didn't set this up and I'm certainly not known as an unix admin expert.
. (dot) files are hidden by default on Unix/Linux systems. Most likely, if you know they are .htaccess files, then they are probably in the root folder for the website.
If you are using a command line (terminal) to access, then they will only show up if you use:
ls -a
If you are using a GUI application, look for a setting to "show hidden files" or something similar.
If you still have no luck, and you are on a terminal, you can execute these commands to search the whole system (may take some time):
cd /
find . -name ".htaccess"
This will list out any files it finds with that name.
The .htaccess is either in the root-directory of your webpage or in the directory you want to protect.
Make sure to make them visible in your filesystem, because AFAIK (I'm no unix expert either) files starting with a period are invisible by default on unix-systems.
Related
I took over a website which I'm supposed to admin and somebody brought to my attention that certain Indexes and Files are available, which shouldn't be. I will be using dummy names.
You were able to access example.com/intern before, but I changed a line in /etc/apache2/apache2.conf according to this https://stackoverflow.com/a/31445273 . This worked partly, as I get a 403-Forbidden when I now navigate to example.com/intern and that's basically what I want.
However the directory intern governs a file called file.php.bak aswell as file.php. When I navigate to example.com/intern/file.php I get a white website. I am however not sure, if you are able to access file.php in another way, because the site does load and I don't get a 403 like before. What is way worse and the reason I am struggling with this is: If I go to example.com/intern/file.php.bak then my Browser (Firefox) offers me to download file.php.bak, which I can read in plaintext. I want all files in intern to not be accessible via the website, but I have no idea how to do this. Can anybody help?
Things I've tried:
Removing the Indexes from the apache2.conf file like mentioned above. It only puts the 403 on the directory itself and not recursively for all the files in it.
Writing a .htaccess file as described here: https://fedingo.com/how-to-prevent-direct-file-download-in-apache-server/ and putting it in intern with the same result as in 1)
Putting an empty index.html file in the intern directory. This leads to no more 403 in example.com/intern, but the download on example.com/intern/file.php.bak is still possible. I've also tried index.php with the same result.
File System:
The application runs from /var/www/application which is also the folder for the /var/www/application/index.php I want to use. The /var/www/application/intern directory is also there. While it isn't browsable anymore, the files in it still are accessible. /var/www/application/intern/file.php can be navigated to via example.com/intern/file.php, but it seems like it can't be downloaded or read as it results in a white page. /var/www/application/intern/file.php.bak can however be downloaded via example.com/intern/file.php.bak.
Let's say Apache document root is set to DocumentRoot "/folder_one/folder_two"
Placing files in a folder_one will prevent people browsing your apache server and requesting the files directly.
Place index file in folder_two and include some code such as PHP to tell apache to include whatever files you want from folder_one.
In this manor Apache will still be able to serve whatever files you want from folder_one and people will not be able to request the files directly as the are located in a directory above the Apache document root.
I am kind of new to vagrant and all of this (used xampp untill now for learning). Anyway, I am currently using puphpet to setup my boxes, and its working great.
But, I now have a question about config.yaml file. Under vhosts, what is the difference between docroot, and directories/avd_8.../path?
Do they have to be the same?
Docroot is the root folder of my whole project? Its where I have my index.php? If so, how is path different from it then?
Also, if I want to keep some files out of public directory, do I just keep them one directory back from docroot?
Thanks.
Edit: here is part of my config.yaml file that contains those 2 settings: http://imgur.com/a/8dC99
I have a hundred same sites in my root directory i want to modify one page and i must rewrite all sites , is there any easy way to modify them.
You can think as this, you have VPS root server and you set up 100 joomla in your server. They have different databases but all of them are same files.
And you must change footer.php file so what will you do?
You must open root and replace the footer file to all sites one by one.
And so it is a hard way. There must be easy way via SSH or Php codes, etc..
Thanks alot.
Use the editor of your choice and batch process all the files.
e.g. on Windows, mount the folder as a network drive, open all footer.php files in Notepad++ and do a search and replace on all open files.
e.g. on the Unix command line, use find (maybe xargs) and sed or vim -c. alternatively to something like the Windows approach with e.g. Sublime text or any other editor.
Whenever I create an .htaccess file in a directory it disappears. I am running a VPS at Digital Ocean (I have full control over the server). So I can't see why my .htaccess files are automatically deleted upon creation. I even tried to make the file on my computer and just transfer it to the directory via FTP but as soon as it transfers, it disappears. I checked the log of the FTP transfer and the file transferred successfully. I can't figure this out.
Its because system files are hidden on apache servers... Either select the option to see hidden files if you're using a GUI or type the command "ls -a" if you're on terminal and you should see the files. Any file that starts with a dot is going to be hidden by default. Your .htaccess files fall within the same category.
If you want to be able to view the .htaccess file on the server, make sure you are logged in as the root user, or a user with root level permissions.
Then, navigate yourself to "/home/username/public_html(in my case)" And if you have a .htaccess file uploaded, it should be displayed there.
I am running Magento Community Edition version 1.7.0.2.
I would like to know, how come are there two .htaccess
files in my installation, one in the magento root directory,
and another one in the magento app directory just beneath
the magento root directory?
On my system the first one is 209 lines long whereas the
second one only contains two directives.
Can anyone please explain how come there are two files
instead of one. Are both parsed or just one of them?
Normaly each .htaccess-File paresed, cause they could be used additional.
The last .htaccess-File may overwrite or enhanced previuos ones.
The .htaccess file in app/ is used to "deny" all access to any file under app. Without this someone could access http://yourdomain.com/app/etc/local.xml and see your database credentials, among other bad things. A similar file should be present in var/ as well (to prevent viewing logs, etc)
Delete the existing file and try adding default new .htaccess file
Magento default htaccess file