Can someone let me know how i can add access to another file such as
mydomain.com/filename.php?
I have uploaded a file and it gives me a 500 error.
thank you
Can someone let me know how i can add access to another file such as
mydomain.com/filename.php?
I have uploaded a file and it gives me a 500 error.
thank you
Can someone let me know how i can add access to another file such as
mydomain.com/filename.php?
I have uploaded a file and it gives me a 500 error.
thank you
Check the error in the error logs.
May be access to other files is forbidden in the .htaccess file?
eCom - thank you for your reply, the htaccess is "out-of-box" with no mods on 4.3.x, im not great with regex here is my htaccess
DirectoryIndex index.html index.php # Compress HTML, CSS, JavaScript, Text, XML, fonts AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript application/json AddOutputFilterByType DEFLATE application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf font/opentype font/otf font/ttf application/x-woff application/x-font-woff AddOutputFilterByType DEFLATE text/css text/html text/plainHeader set Access-Control-Allow-Origin "*"
# Remove browser bugs (only needed for really old browsers) BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html Header append Vary User-Agent Cache all images for 2 weeks
ExpiresActive on ExpiresDefault "access plus 2 weeks" Header set Cache-Control "max-age=1209600" RewriteEngine on RewriteBase / Options -MultiViewsRewriteRule ^init.php$ - [F,L,NC]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]RewriteCond %{REQUEST_URI} ^api/(.)$ [or]
RewriteCond %{REQUEST_URI} ./api/(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .api/(.)$ api.php?_d=$1 [L,QSA]RewriteCond %{REQUEST_URI} .(png|gif|ico|swf|jpe?g|js|css|ttf|svg|eot|woff|yml|xml)$ [NC,or]
RewriteCond %{REQUEST_URI} store_closed.html$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.?)/(.)$ $2 [L]RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L,QSA]This prevents possible problems when downloading files
php_flag zlib.output_compression Off
Check the error in the error logs.
There are no errors in the logs files :(
eCom - thank you for your reply, the htaccess is "out-of-box" with no mods on 4.3.x, im not great with regex here is my htaccess
In this case please also check file permissions and file owner. It can cause such issue
Im trying to secure the renamed admin file when i add in the filesmatch rule to the htaccess is give me a 404 and i can not access the admin.
So i know that its reading the file name properly, and the perms are set according to the secure your admin section http://docs.cs-cart.com/4.3.x/install/security.html
Why are you adding it to a files match statement? If the file is present, it will be used. Are you trying to limit the files that "can be accessed" from your document root? If so, then I'd assume you have a problem in your 'files' tag 'order" or application. Please post your "files" tag statement.
So after some digging on this issue if anyone else has the same quandary, it appears that the cs-cart requires the
ErrorDocument 401 "output text"
to be included else it causes a redirect loop as it is not push to an "error" page.
I was able to secure a renamed admin page by adding the following before the rewrite rules block
RewriteEngine on RewriteBase / Options -MultiViews -Indexes{insert block here }
RewriteRule ^init.php$ - [F,L,NC]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
with the following.
AuthType Basic AuthName "Login" AuthUserFile /home/path/sub/.filename require valid-user ErrorDocument 401 "Required"
Just to add an extra layer of security. I would recommend that cs-cart add this to their core code htaccess with an append to the .htaccess file
@tbirnseth - it is a stock cs-cart .htaccess, just using the rules and rewrites that are included. Was trying to secure a renamed admin.php file, if the filesmatch is not included i think that this block
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L,QSA]
redirect all request to the index.php page causing a redirect loop, but im not 100% on that assumption.
It only redirects to the index.php if the request does NOT exist as a file OR directory. Index.php, api.php and admin.php all exist and are not passed to the application to "resolve". Any "SEO name" will be passed to index.php to be processed to redirect to the appropriate url based on the SEO name/rules.
.
I would think you'd be able to deny everything and then just enable admin.php, index.php and api.php if you want to.
Personally I think it's overkill if your ownerships and permissions are set properly based on the method your web server uses. But you should be able to do it if you want to.