Lockdown your Skins Dir with .htaccess

 
  • TonyK
  • Member
  • Members
  • Join Date: 03-Mar 06
  • 1686 posts

Posted 12 February 2007 - 01:19 AM #1

From Zyles:

Place this file in your SKIN directory.

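# Turn off automatic directory listings
Options -Indexes

# Refuse direct requests for Smarty template files
<Files ~ "\.tpl$">
Order allow,deny
Deny from all
</Files>

# Keep stylesheets reachable (pattern anchored at the end of the file name)
<Files ~ "\.css$">
Order allow,deny
Allow from all
</Files>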

Pimpin' skins since v1.0

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 12 February 2007 - 05:38 AM #2

ET or Zyles - I put this .htaccess file in my /root/csstore/skins/ directory, and it messed up my whole site's appearance... text messed, no images load, menus won't load, etc.

Obviously it is blocking styles.css and others, but what needs to be changed for it to work as you intended? Thanks.

(Deleted file and all went back to normal.)

 

Posted 12 February 2007 - 05:51 AM #3

ET or Zyles - I put this .htaccess file in my /root/csstore/skins/ directory, and it messed up my whole site's appearance... text messed, no images load, menus won't load, etc.


I can't comment on your server configuration; however, just loading a .htaccess file with the following code will remove the possibilities of scanning. Put it into "siteroot/skins/.htaccess":
Options All -Indexes
Oh, and when you get the time, remove all skins that you are not using at the storefront.
This would save you having to worry about other skins being scanned/indexed if they're not there to begin with. REMEMBER to LEAVE your CURRENT SKIN!

Jesse
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 12 February 2007 - 06:01 AM #4

Jesse - Thank you for your reply. I just put your 1-line version of .htaccess file in /shop.mysite.com/shop_mysite/skins/... same result, font and menus and images messed. Deleted it again and it goes back to normal. What the ?

Also, I have default blue (admin) and lite yellow (customer) folders in my skins directory. That shouldn't be a problem, right?

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 12 February 2007 - 06:47 AM #5

wwgreen, be sure to transfer the .htaccess files as ASCII and not Binary.

Binary transfer will sometimes corrupt text files, and this is often the case with .htaccess files.

 
  • zeke
  • Megamind
  • Administrators
  • Join Date: 01-Nov 05
  • 472 posts

Posted 12 February 2007 - 09:06 AM #6

The files that protect skins from being indexed are located in "var/skins_repository" subdirectory - "index.php" and ".htaccess". You can just copy them to "skins" directory. We'll add these files to "skins" directory by default in upcoming release (SP3).

 
  • Zyles
  • Senior Member
  • Members
  • Join Date: 06-Nov 06
  • 596 posts

Posted 12 February 2007 - 12:06 PM #7

wwgreen: Does the file in var/skins_repository/.htaccess work for you?

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 12 February 2007 - 01:30 PM #8

Zyles - Long story short, yes. I took the .htaccess in repository and put it in skins. Website loads as normal. Not sure why my .htaccess files didn't work.

Not sure what else I need to do, but I will wait and see what this forum brings in terms of basic security.

THANK YOU!

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 12 February 2007 - 03:06 PM #9

Why is the .htaccess in repository 777 permission, and when I loaded that exact file into skins, it is now 644?

Also, the .htaccess in my root is also 644.

Huh?

 
  • TonyK
  • Member
  • Members
  • Join Date: 03-Mar 06
  • 1686 posts

Posted 12 February 2007 - 04:41 PM #10

Here is another choice for locking down your Skin files.

# block all smarty templates (no reason to have these exposed)
RedirectMatch gone ^/.*\.tpl$


Pimpin' skins since v1.0
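
Added example, not code from any poster in this thread: a small Python model of the two .tpl patterns posted above (the <Files ~ "\.tpl$"> block and the RedirectMatch rule), run over constructed request paths to show which template files each pattern covers and that stylesheet and image paths are not matched. It models only the pattern matching, assumes case-sensitive matching as on a typical Unix host, and the skin name, file names and asset list are made up for illustration.

```python
import re
from pathlib import PurePosixPath

# Patterns copied from the thread's two approaches.
FILES_DENY = re.compile(r"\.tpl$")          # <Files ~ "\.tpl$"> sees the file name only
REDIRECT_GONE = re.compile(r"^/.*\.tpl$")   # RedirectMatch gone sees the URL path

# File types a storefront skin must keep serving (assumed list).
ASSETS = (".css", ".js", ".gif", ".jpg", ".png")


def status(url_path):
    """Model the status each rule alone would return for an existing file."""
    name = PurePosixPath(url_path).name
    files_rule = 403 if FILES_DENY.search(name) else 200
    redirect_rule = 410 if REDIRECT_GONE.search(url_path) else 200
    return files_rule, redirect_rule


def audit(url_paths):
    """Sort paths into blocked templates, template copies still served, and broken assets."""
    report = {"blocked": [], "still_served": [], "broken_assets": []}
    for path in url_paths:
        blocked = any(code != 200 for code in status(path))
        name = PurePosixPath(path).name.lower()
        if name.endswith(ASSETS):
            if blocked:
                report["broken_assets"].append(path)
        elif ".tpl" in name:
            report["blocked" if blocked else "still_served"].append(path)
    return report


# Constructed request paths; the skin and file names are hypothetical.
SAMPLE = [
    "/skins/example_skin/customer/index.tpl",
    "/skins/example_skin/customer/index.tpl.bak",   # editor or FTP backup copy
    "/skins/example_skin/customer/INDEX.TPL",       # same extension, different case
    "/skins/example_skin/customer/styles.css",
    "/skins/example_skin/customer/images/logo.gif",
]

if __name__ == "__main__":
    for key, paths in audit(SAMPLE).items():
        print(key, paths)
```

Anything reported under still_served is a template copy that neither pattern covers, so either delete it from the skins directory or widen the pattern.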