I am hosting a bunch of files on an Apache server. The files all have an extension of ".plugin" (i.e. filename.plugin ).
The files are actually zip files with the extension changed.
When downloading via Firefox the browser saves the file as "filename.plugin" which is great.
However when using IE it somehow knows this is a ZIP file and downloads it as "filename.zip".
The question is how do I force it to download with a ".plugin" extension ?
Try to force it to a Mime Type, maybe the IE see that the type is a zip, try something like:
AddType application/plugin plugin
in the httpd.conf or in the .htaccess
Related
I took over a website which I'm supposed to admin and somebody brought to my attention that certain Indexes and Files are available, which shouldn't be. I will be using dummy names.
You were able to access example.com/intern before, but I changed a line in /etc/apache2/apache2.conf according to this https://stackoverflow.com/a/31445273 . This worked partly, as I get a 403-Forbidden when I now navigate to example.com/intern and that's basically what I want.
However the directory intern governs a file called file.php.bak aswell as file.php. When I navigate to example.com/intern/file.php I get a white website. I am however not sure, if you are able to access file.php in another way, because the site does load and I don't get a 403 like before. What is way worse and the reason I am struggling with this is: If I go to example.com/intern/file.php.bak then my Browser (Firefox) offers me to download file.php.bak, which I can read in plaintext. I want all files in intern to not be accessible via the website, but I have no idea how to do this. Can anybody help?
Things I've tried:
Removing the Indexes from the apache2.conf file like mentioned above. It only puts the 403 on the directory itself and not recursively for all the files in it.
Writing a .htaccess file as described here: https://fedingo.com/how-to-prevent-direct-file-download-in-apache-server/ and putting it in intern with the same result as in 1)
Putting an empty index.html file in the intern directory. This leads to no more 403 in example.com/intern, but the download on example.com/intern/file.php.bak is still possible. I've also tried index.php with the same result.
File System:
The application runs from /var/www/application which is also the folder for the /var/www/application/index.php I want to use. The /var/www/application/intern directory is also there. While it isn't browsable anymore, the files in it still are accessible. /var/www/application/intern/file.php can be navigated to via example.com/intern/file.php, but it seems like it can't be downloaded or read as it results in a white page. /var/www/application/intern/file.php.bak can however be downloaded via example.com/intern/file.php.bak.
Let's say Apache document root is set to DocumentRoot "/folder_one/folder_two"
Placing files in a folder_one will prevent people browsing your apache server and requesting the files directly.
Place index file in folder_two and include some code such as PHP to tell apache to include whatever files you want from folder_one.
In this manor Apache will still be able to serve whatever files you want from folder_one and people will not be able to request the files directly as the are located in a directory above the Apache document root.
I set up a little Apache2 server on a Raspberry PI4. Now I’m looking for a way to hide the real directory path displayed in the URL. I read around that you should deal with a file called .htaccess but, I don’t even know what to actually look for on the internet. How can I display an arbitrary url in the address bar of the browser, Hiding file extension like .php and file path?
You make rewrite rules in an Apache config file, a .htaccess file for example. One way you could achieve this is to create re-write rules in a .htaccess file. Use to below link to test your rewrite rules, then once you have that part working implement on your live apache installation.
https://htaccess.madewithlove.be/
I have made a custom folder within WordPress' uploads directory to house some downloadable files, however I don't want these to be directly accessible, they should only be accessible via a script for example.
To accomplish this I simply put a .htaccess file in the respective folder containing:
Deny from all
My development environment is Windows and this was working fine, both the folder and file returned a 403 Forbidden and I was able to force download the file via a script.
Now I have uploaded the site to a staging server that is running on Linux (RedHat I think?), Apache as well, but for both the folder and the file it returns a 404 Not Found and hence the file download also fails.
What am I missing here? Why is it acting differently? Should I be putting some different/extra in the .htaccess file?
Edit: I just noticed that whilst it IS stating it is a 404, it is redirecting to a 403.shtml file.
I recently found the use of a .htaccess file to edit the URL of my webpages. This is done with mod_rewrite (Apache). I use XAMPP and the working files are inside of the appropriate htdocs folder. While in the local directory, the .htaccess file does the job and it edits the URL. I have a domain name that I've been working on and periodically update the working files to that. When I upload these files to the domain through FTP, the .htaccess file doesn't work correctly, as you can imagine since Apache modules have no way of working on a web directory. So my question is, how do I make a .htaccess file work in a web directory without Apache's mod_rewrite module?
Your question is not sufficiently clear. URL rewriting won't work if you're just accessing the static files (i.e. file:///home/user/www/index.html) rather than going through the Apache server (http://localhost/~user/index.html) since Apache will never process the request.
Perhaps your .htaccess file is not being uploaded properly? Some programs will complain a bit when you try to upload strangely named files, such as those beginning with a period.
My webserver is Apache (I don't have admin rights over it though).
In my www/ directory, I have some .c files I'd like to display to the user to view in their browser.
Currently though, the website tries to make the user download the files instead of simply displaying them.
How can I fix this? Is there some sort of .htaccess trick?
Putting:
AddType text/plain .c
in the .htaccess should work.
This happens because apache does not know how to handle the file type and delivers it untouched and unidentified. You browser sees that the file type is not identified, can't associate the file with an application, so tries to save it.
There are a couple of ways.. Reconfigure Apache to serve this file as a text file or Rename The File so apache handles the file like a text file.
If you would prefer to reconfigure Apache find the following line in your configuration and modify:
AddType text/html .html .TXT .c
This instructs apache to include identify the file upon transmission to the browser as a text/html file. Note that .TXT may be there.
If you don't have access to the configuration, rename the file as FILE.C.TXT. Chances are, apache is already configured to server out text files. Note that this requires the .TXT to be specified as an txt/html handler and may not be on by default. Doing this will give you a quick test.
Good luck...