I see that there is a “strict” .htaccess file.
I removed it and all of the readme stuffz( i already block those too)
Now my error.log stops wizzin by
Cheerz
Plugin Contributor
slangji
(@slangji)
Hi 🙂
I do not allow direct access to files and it is now throwing a 403 error.
I see that there is a “strict” .htaccess file.
So?
This is a problem?
Wath is the problem?
Explain me more … 😉
This is a Ticket #5766717
your htaccess conflicted with my apache conf and broke your plugin.
your css and js files became 403.
I use:
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|flv|mp3|wav|swf|psd|txt|doc|exe|zip|kml|mp4|JPG|avi|mpg|mpeg|fla|rar|sql|gz|7z|tar|css|js|wmv|rm|bcp|cbk|bcf|xml)$ – [R=404,NC,L]
in my httpd.conf <directory> settings.
i believe its better to 404 and tell bad guys there is nothing there to hack instead of 403 and let them keep hacking on it.
whats a Ticket #5766717?
Cheerz 🙂
Plugin Contributor
slangji
(@slangji)
I am interested to this exception to provide .htaccess file and “Strict Security Rules” compatible with the majority of systems: how do you think i should change .htaccess file to match your configuration but maintaining it impossible to access directed to external files .css and .js on plugin pakage?
This issue was inserted as Ticket #5766717 on to To-Do List for Future Development.
I’m really not that smart :/
Your intentions are great and theoretically should work fine with the “sub” htaccess over-riding higher configs.
For php pages I know a simple “if is_defined(whatever)” stops the page from being called directly.
What about instead of using “Allow/Deny” use “Rewrites” like I use for “hotlinking”?
Plugin Contributor
slangji
(@slangji)
Thanks you so much for suggestions!