Follow us on Twitter!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 23
Members Online: 3

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Computer General | Increasing Security

Author

htaccess problems


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-05-09 17:37
Im trying to set up some pretty simple .htaccess configurations on my server, but am having some pretty confusing problems. Here is the file I have so far...
Code

<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files ~ "\.txt$">
Order allow,deny
Deny from all
</Files>

IndexIgnore *





All I am trying to do is disable all dir listing, stop access from the url bar to files with a .txt extension, and of course prevent the htaccess file itself from being accessed.

I have put this file in the root of my server, so it should affect all files and folders on it (so I gather), but I have observed some pretty odd behavior.

If I access a folder on my server, I get a directory listing (www.server.com/folder)
If I access a .txt file in that folder, it gets denied (www.server.com/folder/test.txt)
If I access another subfolder, I get a listing (www.server.com/folder/folder)
If I access a file in that subfolder, I can view the contents (www.server.com/folder/folder/test.txt)

Can anyone see why this isnt working? I shouldnt be seeing these directory listings at all, and the .txt access is really confusing me...

Any help is much appreciated.

Cheers,
JJ


Author

RE: htaccess problems

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 02-05-09 18:04
check your httpd.conf file, search for htaccess string and you should find AllowOverride None directive. Change it to All, and restart the server Wink
Oh and maybe instead of IndexIgnore *, you could use Options -Indexes, which will return 403 forbidden rather then empty index...

Also httpd.config denies by default access to htaccess files, so no necessity to include that...


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 02-05-09 18:07
clone_4@hotmail.com
Author

RE: htaccess problems


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-05-09 19:17
Nice one :D

For some reason my httpd.conf seems pretty empty, theres only 5 lines, no comments or anything I expected to see.. Installed from an apt repo as well.

*edit* Still no joy, I have placed the following lines in my httpd.conf:

Code

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>





But still no luck...




Edited by on 02-05-09 19:28
Author

RE: htaccess problems

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 02-05-09 19:29
jjbutler88 wrote:

For some reason my httpd.conf seems pretty empty, theres only 5 lines, no comments or anything I expected to see.. Installed from an apt repo as well.


That certainly isn't right... Check this http://www.devsid. . .httpd-conf. I'd send you mine, but currently I'm working under windows


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: htaccess problems

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 02-05-09 19:41
MoshBat wrote:
Repos are tailored for the OS, not your use...


but still 5 lines for a server config file seems a little weird to me...

@jjbutler: Have you restarted the server? (I know trivial, but I often forget to do that)

Also:
Code

<Directory "here should be full path to your www folder">
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all

</Directory>







[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 02-05-09 19:43
clone_4@hotmail.com
Author

RE: htaccess problems


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-05-09 20:05
Yeah, I have absolutely no idea how my apache was running with a 5 line config file, got the full version modified now, fixing it up for the errors then gonna give it a spin.




Edited by on 02-05-09 20:05
Author

RE: htaccess problems


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-05-09 20:28
Solved! Props to moshbat and clone4 for the help.

The real problem resided in the file '/etc/apache2/sites-available/default'. After changing the AllowOverride to All in there, everything was ok.

Cheers guys Grin