 I am putting this code into .htaccess files in all directorys with 777 where there is no .htaccess file pressent so no code and bad things can be run. . . <LimitExcept GET>
. Now I am add this code to .htaccess file in floders with 777 (where there is already a .htaccess file) |
the directory /backup/ has a .htaccess file which says: Deny from all Looks like Its very simular, I dont want to conflict.....How should I do this one? |
Here is a list Ive made going through all the dolphin directorys so you dont have to: 777 directorys with .htaccess file LIST |
* profile has .htaccess but 1,2,3, etc folders (for individual user ids) dont! |
/cache/.htaccess Deny from all
Im going to have to see about this how to write in these without messing them up?????????? |
If you want to deny everyone (all ip addresses) from accessing a directory, you can use: Deny from all
|
the .htaccess stopped my promo banners from loading!!!!!!!!! so I removed it from /promo/ and left it in promo/original/ now it works again. |
ok It hasnt affected my profile with uploading backgrounds. |
I had to remove the one I put in media/sharing/images because the images were no longer loading... |
Well this is one way to bang up your post count Bamben LOL. i think you can be the official boonex posting tart. LOL Hope your making some sence of it all and getting to the bottom of whatever it is your trying to do |
lol i am lonley There are a few other things (that I dont yet understand or quite remember but I will put everything in here) feel fee to correct, add, or help as long as you are clear |
About /cache/.htaccess Deny from all Question) change to A, B or C ? A Deny from all B <LimitExcept GET> C Deny from all My opinion: A could be right If there is a difference between commands inside and ones outside of the <LimitExcept GET></Limit> (I have read that if two commands conflict or cancle each other; the first will be ignored and the last will be carried out) B could be right because it looks like the security fix in i am adding (the one in the first post) C could be right as in the /cache/.htaccess file Deny from all is on its own. |
<LimitExcept> section is used to enclose a group of access control directives which will be applied to any HTTP access method not listed in the arguments. This directive has reverse effect to <Limit> directive. Translation: <LimitExcept> holds commands that WONT be applyed to all files underneath. (so everything other than these listed......
|
the limit except part then to me seems wrong... like it does the opposite of what It should do. . To me It says: DONT DO THIS Deny from all On any of these files types |pl|py|bak|txt|htaccess|htpasswd|log|zip|asp|sh|shtml|jsp|gz|tgz|tar|php.*|htm.* . If <Limit> is the opposite to <limitExcept> then maybe It should look like this: <Limit GET> </FilesMatch> |
(Off current subject) I experimented changing the name of my admin directory.... when the name is changed you cant login, when you change it back to /admin/ you can! maybe this is good for security. Hackers would be looking for admin directory, wouldnt they... |
does any one know if ive done the limit backwards?? |
plus I think it would help others to see how (and how not to) improve security (I am trying to grab things from other posts on this .htaccess security fix and make sence of what this code should look like in each .htaccess file) Any one can help as this is for everyone not just me... Im going to sort out security by cpannel aswell and post how on this thread (I have read; you can sort out the index problem where anyone can look through the files on your directorys by making one .htaccess file high up in your directorys that redirects any attempt back to the main page, Insead of making a .htaccess file and putting it into every single folder wich would be loooooooong!)