WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] .htaccess and chmod 777 (19 posts)

  1. rudolfnu
    Member
    Posted 7 years ago #

    I use a plugin Image Manager where you need to set the upload/images to chmod 777, to get it to work!

    I don’t like that, I’ve searched around for a solution to make it a bit safer. What I want is to use a .htaccess file in images folder, and to utilize that only jpg,jpeg,gif and png could be used or disable php,sgi,perl in that folder. The person who wrote the plugin states that you can make that with following lines in a htaccess file

    <Files ^(*.jpeg|*.jpg|*.png|*.gif)>
    order deny allow
    deny from all
    </Files>

    I tried that but that don’t work at all, could anyone give me the magic lines that either allow only images or disallow scriptfiles.

  2. whooami
    Member
    Posted 7 years ago #

    disallow script files from what? Thats what's missing from your question?

    from being uploaded?
    from being parsed (executed)?
    from being read?

    what?

  3. rudolfnu
    Member
    Posted 7 years ago #

    ooh sorry,

    I want to make it safer, so not anyone can hack my site or run scriptfiles in that folder

    from being parsed (executed)?

  4. whooami
    Member
    Posted 7 years ago #

    so you dont want script files to be executable inside that directory?

  5. rudolfnu
    Member
    Posted 7 years ago #

    yep

  6. whooami
    Member
    Posted 7 years ago #

    gimme a min or 2

  7. rudolfnu
    Member
    Posted 7 years ago #

    perfect, Im impressed how fast you replied! :-)

  8. whooami
    Member
    Posted 7 years ago #

    oke.. well for starters, since the dir is 777. you want to do this:

    AddType text/plain .pl
    AddType text/plain .cgi
    AddType text/plain .php

    ...

    its been a while since Ive done that, Ill prolly need to test it, or you can

  9. rudolfnu
    Member
    Posted 7 years ago #

    In htaccess?

    AddType text/plain .pl
    AddType text/plain .cgi
    AddType text/plain .php

    do you need something else? I can try it

  10. whooami
    Member
    Posted 7 years ago #

    i already did, it works fine. and no, you dont need anything else.

    dont leave your .htaccess chmod to anything higher than 644. and even then, you ought to put this inside it:
    <Files ~ "^.ht">
    Order allow,deny
    Deny from all
    Satisfy All
    </Files>

  11. rudolfnu
    Member
    Posted 7 years ago #

    perfect, Thank you for the help!
    I asume that this disables script´s in that folder?

  12. whooami
    Member
    Posted 7 years ago #

    it makes files with those extensions be displayed as text within a browser.

  13. rudolfnu
    Member
    Posted 7 years ago #

    Oh the first lines then?

    AddType text/plain .pl
    AddType text/plain .cgi
    AddType text/plain .php

    Im no htacces expert ;-)

  14. whooami
    Member
    Posted 7 years ago #

    what are you asking me?

    What you just pasted causes files with the extension .pl, .php, or .cgi be displayed as text.

    The other thing I pasted restricts your .htaccess from being opened in a browser.

  15. rudolfnu
    Member
    Posted 7 years ago #

    this goes in to my htacces file in the folder
    <Files ~ "^.ht">
    Order allow,deny
    Deny from all
    Satisfy All
    </Files>

    chmodded 777

    but the other lines that you wrote?
    AddType text/plain .pl
    AddType text/plain .cgi
    AddType text/plain .php

  16. rudolfnu
    Member
    Posted 7 years ago #

    Ohh I see, two solutions for different problems, I understand!

    thank you so much for you help!!!!!

  17. whooami
    Member
    Posted 7 years ago #

    No.
    Read what I wrote:

    AddType text/plain .pl
    AddType text/plain .cgi
    AddType text/plain .php

    ^^^^^^^^ Files with the extensions, php, cgi, and pl will be displayed as TEXT in a browser window. THEY WILL NOT BE EXECUTED.

    <Files ~ "^.ht">
    Order allow,deny
    Deny from all
    Satisfy All
    </Files>

    ^^^^^^^^ PREVENTS your .htaccess from being viewed/loaded/read in a browser window.

    ---------------

    DO NOT CHMOD YOUR .HTACCESS TO 777.

  18. rudolfnu
    Member
    Posted 7 years ago #

    he he, sorry

    I understand, I´m a bit slow today, he he

  19. lelion
    Member
    Posted 7 years ago #

    Great tips from whooami, I think they'll be useful for me, too, one day:)

    Thank you from my part, too:)

Topic Closed

This topic has been closed to new replies.

About this Topic