I have some questions regarding implementing .htaccess maker retrospectively on sites. I maintain about 70 sites which were built from 2011 onwards.
With the release of Joomla 3.9.3 and the Post-Installation message warning about improvements to security by making a few changes (.htaccess and web.config) I was initially relieved to see that Admin Tools already takes care of this, since an Admin Tools release in 2015. (e.g. https://www.akeebabackup.com/support/admin-tools/Ticket/30917-htaccess-post-installation-message.html) BUT, only, it seems, if the Admin Tools .htaccess maker was used. Is this correct? I've looked everywhere in WAF settings and can't see any hardening rules for MIME types.
Most of my sites were built before .htaccess maker was released, and by 2015 I knew Admin Tools so well (WAF configuration at least) that I didn't need to run the wizard (assuming that .htaccess maker is part of the wizard process?). So, now I need to either apply the recommended actions by the Joomla core release team, or run the Admin Tools .htaccess maker on each site.
Do you have any suggestions for the correct steps that I should take to implement .htaccess maker on existing sites which may have the following complications:
- Some sites are in a subdirectory, so use a redirect from root to e.g. /cms
- Some sites have a bunch of redirects from old URLs to new equivalents
When Admin Tools .htaccess maker runs, will it find existing custom redirects and automatically include them, or do we need to enter them again manually? In my instance, some redirects were done via cPanel, which I think puts them at the end of the .htaccess file. If .htaccess maker includes them automatically, will it still find them at the end of the existing .htaccess file? (None of these sites use SEF URLs (index.php still present), which is why having custom redirects at the end of the .htaccess file works; otherwise I think they need to be included in the specific 'custom redirects' place of the Joomla .htaccess file?)
Regarding shifting sites around:
If the .htaccess maker is in place, are there any special things we need to be careful of when copying a site to a development environment? E.g. for revamping, and then overwriting the original site?
Thanks for your help.
Nicola