XFileSharing Pro - htaccess from fileserver htdocs files folder makes apache do

Message
Author
Anturaju93
Posts: 91
Joined: May 13, 2010 6:46 pm

htaccess from fileserver htdocs files folder makes apache do

#1 Postby Anturaju93 » Oct 25, 2014 6:58 pm

I have a really strange problem with the .htaccess file from fileserver htdocs files folder.
It seems that htaccess file creates a problem with my apache config for virtualhosts that makes apache download html files instead of display them on browser.

My virtualhost config is this for apache:

Code: Select all

<VirtualHost *:80>
SuexecUserGroup "#500" "#500"
ServerName upload.testdomain.ro
ServerAlias www.upload.testdomain.ro
ServerAlias webmail.upload.testdomain.ro
ServerAlias admin.upload.testdomain.ro
DocumentRoot /home/upload/public_html
ErrorLog /var/log/virtualmin/upload.testdomain.ro_error_log
CustomLog /var/log/virtualmin/upload.testdomain.ro_access_log combined
ScriptAlias /cgi-bin/ /home/upload/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/upload/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/upload/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/upload/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/upload/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.upload.testdomain.ro
RewriteRule ^(.*) https://upload.testdomain.ro:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.upload.testdomain.ro
RewriteRule ^(.*) https://upload.testdomain.ro:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
</VirtualHost>
Original .htaccess file code:

Code: Select all

Options +FollowSymLinks
DirectoryIndex index.html
Options All -Indexes
Options -Includes -IncludesNOEXEC -ExecCGI
RemoveHandler cgi-script .pl .py .cgi
RemoveType php

<IfModule sapi_apache2.c>
	php_flag engine off
</IfModule>
<IfModule mod_php4.c>
	php_flag engine off
</IfModule>
<IfModule mod_php5.c>
	php_flag engine off
</IfModule>

<FilesMatch "\.(htaccess|htpasswd|sh)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

<IfModule mod_headers.c>
Header unset Content-Type
Header unset Content-Disposition
Header set Content-Disposition attachment
Header set Content-Type application/octet-stream
Header add Content-Type application/force-download
Header add Content-Type application/download
Header unset Content-Transfer-Encoding
Header set Content-Transfer-Encoding binary
</IfModule>
The solution that i found is to delete the entire htacces file , is that okay?

AnotherIdiot
Posts: 101
Joined: Aug 23, 2014 2:59 pm

#2 Postby AnotherIdiot » Oct 27, 2014 10:05 am

Well if you found the solution is to delete the .htaccess file and everything still works then i don't think its the worst thing to happen.

Anturaju93
Posts: 91
Joined: May 13, 2010 6:46 pm

#3 Postby Anturaju93 » Oct 27, 2014 10:10 am

The site works now, but i think that by deleting the .htaccess file i created a security hole on the file server :(

speakerbox
Posts: 73
Joined: Aug 20, 2010 4:39 am

#4 Postby speakerbox » Nov 05, 2014 5:07 pm

Would have to test some configs on the server. Never had this problem before even after setting up 30+ servers.

---
teamxp2001(at)yahoo.ca