Problem With .htaccess

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Get Involved
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
User avatar
Steve K
Registered User
Posts: 81
Joined: Fri Sep 07, 2007 5:46 pm
Contact:

Re: Problem With .htaccess

Post by Steve K »

Well, you can always download the .htaccess file before you delete it. If you find that even more has gone wrong, upload it again.

Normally deleting this should not cause you any major issues, but to be on the safe side, always take a back-up.
Image
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: Problem With .htaccess

Post by EXreaction »

Well, it should be perfectly fine as long as you do not store database backups on your server (because then somebody could copy your entire site, and, if the hash is ever cracked on the passwords, every user on the board would have their passwords taken. However I don't think anyone will be able to crack the hashes for many, many years if ever).
User avatar
Jaymie1989
Registered User
Posts: 1991
Joined: Thu Aug 02, 2007 5:21 pm
Name: Jaymie

Re: Problem With .htaccess

Post by Jaymie1989 »

removing the .htaccess files are safe.

the .htaccess is a security feature. :D
Dear creators of Sesame Street,
Kids are still fat. Can I come back now?
Sincerely, Cookie Monster.

View my MODs - Need phpBB help with MODs and Styles? Take a look at my phpBB3 services
VoidVoid
Registered User
Posts: 1
Joined: Thu Apr 10, 2008 10:35 pm

Re: Problem With .htaccess

Post by VoidVoid »

Here is the real fix:

A basic knowledge of apache and how to configure it is assumed, if you dont know how to edit a text file and read documentation, please turn off your computer now.

If you have access to your apache server configuration:

<Directory "/usr/local/apache2/htdocs">
Options Indexes Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

See the AllowOverride All part? That is the part that tells the server that .htaccess files are allowed to override certain configuration directives. In this case I have set mine to "all" which means my .htaccess can now set whatever it wants. You will note this applies to the Directory /usr/local/apache2/htdocs so if you store your files someplace else, you might need to change that path.

No I don't have to remove the .htaccess files and possibly expose information to the people I don't want seeing it.

If you are on a webhost that has this directive set to NONE (or something that restricts the Order directive) then you must remove the .htaccess files.

This does not mean you are totally open to attack, it just means you have one less layer of security. You'll live.
SneakySimian
Registered User
Posts: 31
Joined: Fri Apr 11, 2008 12:31 am

Re: Problem With .htaccess

Post by SneakySimian »

VoidVoid wrote:Here is the real fix:

A basic knowledge of apache and how to configure it is assumed, if you dont know how to edit a text file and read documentation, please turn off your computer now.

If you have access to your apache server configuration:

<Directory "/usr/local/apache2/htdocs">
Options Indexes Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

See the AllowOverride All part? That is the part that tells the server that .htaccess files are allowed to override certain configuration directives. In this case I have set mine to "all" which means my .htaccess can now set whatever it wants. You will note this applies to the Directory /usr/local/apache2/htdocs so if you store your files someplace else, you might need to change that path.

No I don't have to remove the .htaccess files and possibly expose information to the people I don't want seeing it.

If you are on a webhost that has this directive set to NONE (or something that restricts the Order directive) then you must remove the .htaccess files.

This does not mean you are totally open to attack, it just means you have one less layer of security. You'll live.
Well, that's not the real fix. Most, if not all, people that are having trouble with this will not have access to the apache config. Those that do will more than likely already know about this. Besides, setting it to all (not that all isn't helpful) creates a security risk as people can now do things that you didn't intend to do.
cbourne
Registered User
Posts: 109
Joined: Sun May 25, 2008 6:49 am

Re: Problem With .htaccess

Post by cbourne »

I'm having the same problem with Streamline. There seems to be deabate about the safety aspects of removing the .htaccess file. Are there any more comments of this.
rune-pure
Registered User
Posts: 98
Joined: Thu Jun 05, 2008 1:33 am

Re: Problem With .htaccess

Post by rune-pure »

Well i see what you mean

somtimes hosting companys will not allow some types of ftp files

so when you try to access a uploaded ftp file like phpbb they will not alow it an it will end in a error 505

i have signed up for steam line and i had the 505 but on my useal hosting i dont

and also soemtimes hosting accounts that will not alow might corrupt the htaccess

so i suggest moving hosts and deleeteing and reuploading it again and talk to me

also the host i use is hostgator
plburk
Registered User
Posts: 1
Joined: Wed Mar 11, 2009 1:50 am

Re: Problem With .htaccess

Post by plburk »

I had this problem with phpBB3 on Apache. I edited my virtual host configuration file for httpd and changed the line that said:

AllowOverride AuthConfig

to

AllowOverride All

and it worked.
Locked

Return to “[3.0.x] Support Forum”