Re: client removal of .htaccess file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks.  I am guessing that I do have read/write access because I upload and remove the all of the files on the site, including .htaccess on the main branch.  Further, after logging in via the command line, I was able to navigate anywhere I could otherwise go in the file manager in cPanel.  Being on a shared server, I thus don't have root access or access to httpd.conf.

Since it's my site, I am the one who configured and uploaded the initial .htaccess file (after studying the Apache documentation for some time).  The file includes a few redirects, 400/403/404 errors, etc.  Since I rarely deal with this file, I am now relearning and further delving into the .htaccess configuration options for a subdomain that I'm building and wish to behave differently than the main site.

Thank you again for your time and assistance.

Joel

973 736 8306


From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 3:12 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: client removal of .htaccess file

Most '.htaccess' files ARE provided by host developers so that users have some security control over their site (being able to choose who or what to block is one case in hand) WITH 'write' access. Most sysadmins with access to root privileges don’t actually use them and format the directives directly by a 'directory by directory' configuration in apache config file (usually httpd.conf). So the usual use of them is for any user WITHOUT root access to the server and config files, so it’s a little out of the ordinary that you don’t have write or read access.
I wouldn’t recommend not having a basic '.htaccess' or having a dummy file, if you don’t have root access. 

"Just because you’re paranoid doesn’t mean they are not all out to get you…"

On 19 Jul 2020, at 12:32, Joel <jm-hotmail@xxxxxxxxxxx> wrote:

Thank you.  I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?

Joel
973 736 8306

From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
    Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <jm-hotmail@xxxxxxxxxxx> wrote:
> 
> Can one without server root access delete a previously uploaded .htaccess file?  The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux