[TYPO3] naw_securedl
Xavier Perseguers
typo3 at perseguers.ch
Sat May 3 14:14:27 CEST 2008
Hi,
> I also have a .htaccess in the INTRA folder, which contains:
> <FilesMatch
> "\.([Pp][Dd][Ff]|[Jj][Pp][Ee]?[Gg]|[Gg][Ii][Ff]|[Pp][Nn][Gg]|[Dd][Oo][Cc]|[Pp][Dd][Ff]|[Xx][Ll][Ss]|[Rr][Aa][Rr]|[Tt][Gg][Zz]|[Tt][Aa][Rr]|[Gg][Zz])">
> Order deny,allow
> Deny from all
> Allow from none
> </FilesMatch>
Allow from none brings nothing!
> But the problem is, that the .htaccess file seems to be ignored.
>
> I have a file test.txt in the fileadmin/INTRA/ folder.
>
> When I call it like www.example.com/fileadmin/INTRA/test.txt it is displayed
> even with no BE Session and all cookies deleted.
>
> What do I miss?
> What's wrong with my settings?
I think you missed the "AllowOverride" setting in your Apache virtual
host definition. Please read the official documentation:
http://httpd.apache.org/docs/2.0/howto/htaccess.html
> Sorry I forgot to ask which user:group and which right
> the .htaccess file needs to have to be most secure..
> Is it r--r--r-- or r-x-r----- or whatever should it be?
It's the same as a security level! As long as you do not have write
enabled, your access is OK. It does not matter whether you allow
"others" to read this .htaccess file as it does not contain anything
sensitive.
But if you really wish to give minimum access rights, be sure to
chown/chgrp the .htaccess with your server user (www-data or nobody or
...) and then give it only read access for owner and group, it should be
sufficient.
Regards
--
Xavier Perseguers
http://xavier.perseguers.ch/en
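
An added example, not part of the mail above: a Python check of which file names the quoted FilesMatch pattern actually covers. It shows that test.txt is not among them and that the pattern, having no trailing $, also matches in the middle of a name. Assumptions: Apache applies the expression as an unanchored search on the file's base name, Python's re module stands in for Apache's regex engine, and the sample paths and helper names are constructed for illustration.

```python
import re

# Pattern copied from the quoted .htaccess (duplicate PDF alternative kept as posted).
PAGE_PATTERN = (
    r"\.([Pp][Dd][Ff]|[Jj][Pp][Ee]?[Gg]|[Gg][Ii][Ff]|[Pp][Nn][Gg]|[Dd][Oo][Cc]"
    r"|[Pp][Dd][Ff]|[Xx][Ll][Ss]|[Rr][Aa][Rr]|[Tt][Gg][Zz]|[Tt][Aa][Rr]|[Gg][Zz])"
)
# Same pattern anchored at the end of the name, for comparison.
ANCHORED_PATTERN = PAGE_PATTERN + "$"

# Constructed sample paths, not taken from a real site.
SAMPLE_FILES = [
    "fileadmin/INTRA/test.txt",
    "fileadmin/INTRA/report.pdf",
    "fileadmin/INTRA/photo.JPEG",
    "fileadmin/INTRA/notes.docx",
    "fileadmin/INTRA/export.csv",
    "fileadmin/INTRA/backup.tar.gz",
    "fileadmin/INTRA/archive.zip",
]


def covered(path, pattern=PAGE_PATTERN):
    """True if the FilesMatch block (and so 'Deny from all') applies to this file."""
    base = path.rsplit("/", 1)[-1]  # the match is on the file name, not the directory
    return re.search(pattern, base) is not None


def audit(paths, pattern=PAGE_PATTERN):
    """Split paths into (denied, still_served) under the given pattern."""
    denied = [p for p in paths if covered(p, pattern)]
    served = [p for p in paths if not covered(p, pattern)]
    return denied, served


if __name__ == "__main__":
    for label, pat in (("as posted", PAGE_PATTERN), ("anchored", ANCHORED_PATTERN)):
        denied, served = audit(SAMPLE_FILES, pat)
        print(f"[{label}] denied:       {denied}")
        print(f"[{label}] still served: {served}")
```

Any file the audit lists as still served stays reachable even once AllowOverride lets Apache read the .htaccess.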