Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.5.25)
PHP version: (5.2.9)
MySQL version: (5.0.95-community )
Host: (optional, but it helps us help you)
Admin Tools version: (2.2.0)
Description of my issue:
1) When I use the .htaccess maker (only customizing non-http://www to redirect www) I find that it breaks access to certain programs, some not even joomla. When creating the .htaccess I set it up with options set to Yes, and tested that the site in general was working.
Coexisting with Joomla under home I have an open source program called webcalendar installed in ~/www/webcalendar (aka /home/$my_account/www/webcalendar. It becomes inaccessible.
By trial and error I commented out the following lines in the .htaccess to get it working again:
# Begin webcalendar break
# RewriteRule ^(components|modules|templates|images|plugins|media|libraries)/ - [F]
# Begin webcalendar break
# Breaks Webcalendar break
# RewriteRule (.*.php)$ - [F]
# End Webcalendar break
Rather than comment out the lines open up my security holes, how do you set up an exception so that the program will coexist happily with the secure .htaccess?
2) I think this is a similar problem, but this time Joomla component, called com_hdflvplayer. It is an administration type component which allows you to upload videos (using either a file upload or an upload with ffmpeg). Files will not upload with the .htaccess in place. I did a search through the filesystem (with .htaccess off) and found that the program seems to upload them (temporarily) to ./administrator/components/com_hdflvplayer/images/uploads/ as a temp file, then renames them and they get moved to: ./components/com_hdflvplayer/videos/.
I suspect it is because it is doing this under administrator that it fails, just guessing. So similar question, how do I add an exception to the .htaccess to allow the program to succeed without compromising security?
I tried to correct this by adding an exception for the uploads folder but it does not help. The exception line looks like: RewriteRule ^administrator/components/com_hdflvplayer/images/uploads/ - [L]
3) Similar problem - I had to comment out these lines to get some slideshows, content sliders working including by Gavick and Yootheme:
## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed
## -->> This group also breaks Gavick and other...
#RewriteCond %{REQUEST_FILENAME} (.php)$
#RewriteCond %{REQUEST_FILENAME} !(/index[23]?.php)$
#RewriteCond %{REQUEST_FILENAME} -f
#RewriteRule (.*.php)$ - [F]
I'd imagine that many administrators who don't have file system access could not even figure out which folder com_hdflvplayer uses. The question: How do I sort out the exceptions correctly without compromising the site? Start with HD FLV.
Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.5.25)
PHP version: (5.2.9)
MySQL version: (5.0.95-community )
Host: (optional, but it helps us help you)
Admin Tools version: (2.2.0)
Description of my issue:
1) When I use the .htaccess maker (only customizing non-http://www to redirect www) I find that it breaks access to certain programs, some not even joomla. When creating the .htaccess I set it up with options set to Yes, and tested that the site in general was working.
Coexisting with Joomla under home I have an open source program called webcalendar installed in ~/www/webcalendar (aka /home/$my_account/www/webcalendar. It becomes inaccessible.
By trial and error I commented out the following lines in the .htaccess to get it working again:
# Begin webcalendar break
# RewriteRule ^(components|modules|templates|images|plugins|media|libraries)/ - [F]
# Begin webcalendar break
# Breaks Webcalendar break
# RewriteRule (.*.php)$ - [F]
# End Webcalendar break
Rather than comment out the lines open up my security holes, how do you set up an exception so that the program will coexist happily with the secure .htaccess?
2) I think this is a similar problem, but this time Joomla component, called com_hdflvplayer. It is an administration type component which allows you to upload videos (using either a file upload or an upload with ffmpeg). Files will not upload with the .htaccess in place. I did a search through the filesystem (with .htaccess off) and found that the program seems to upload them (temporarily) to ./administrator/components/com_hdflvplayer/images/uploads/ as a temp file, then renames them and they get moved to: ./components/com_hdflvplayer/videos/.
I suspect it is because it is doing this under administrator that it fails, just guessing. So similar question, how do I add an exception to the .htaccess to allow the program to succeed without compromising security?
I tried to correct this by adding an exception for the uploads folder but it does not help. The exception line looks like: RewriteRule ^administrator/components/com_hdflvplayer/images/uploads/ - [L]
3) Similar problem - I had to comment out these lines to get some slideshows, content sliders working including by Gavick and Yootheme:
## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed
## -->> This group also breaks Gavick and other...
#RewriteCond %{REQUEST_FILENAME} (.php)$
#RewriteCond %{REQUEST_FILENAME} !(/index[23]?.php)$
#RewriteCond %{REQUEST_FILENAME} -f
#RewriteRule (.*.php)$ - [F]
I'd imagine that many administrators who don't have file system access could not even figure out which folder com_hdflvplayer uses. The question: How do I sort out the exceptions correctly without compromising the site? Start with HD FLV.
