Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Allow a subfolder with directory listings

unixherounixhero
edited November 2013 in Vanilla 2.0 - 2.8

Hi
I am trying to have a subfolder in my VANILLA forum root where my users upload files.
The voodoo in apache's redirect escapes me, and I am hoping someone here could help me out.
When I password protect the folder /stuff with a .htaccess file, the .htaccess in the VANILLA root folder kicks in gives a 404 error (fancy Vanilla error message).
The 404 message reads "Page Not Found
The page you were looking for could not be found."

How can I exclude /stuff from that .htaccess catch-all that ships with VANILLA?

Here is my .htaccess file from the rootfolder (the one that comes with Vanilla forums)

RewriteEngine On

# RewriteBase /

RewriteCond %{REQUEST_URI} !^/snax

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME} !-f

RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]

Here is the .htaccess file I have written for /stuff :

DirectoryIndex index.php index.html index.htm

Options +Indexes

AuthType Basic

AuthName "Got stuff"

AuthUserFile "/home/mywebstuff/.htpasswds/snax.passwd"

AuthGroupFile /dev/null

require valid-user

Hope someone would have a pointer...

Tagged:

Comments

  • hbfhbf MVP

    Htaccess is hierarchical, sub directory htaccess overides parent, parent overrides server config. So just add an htaccess file to your subfolder which modifies the desired behavior. Don't touch the forum root htaccess.

    Vanilla Wiki, Tastes Great! 31,000 viewers can't be wrong. || Plugin Development Explained

  • unixherounixhero

    Thanks for your suggestion, but that is precisely what I tried... I placed an extra .htaccess in my subfolder, but when I turn on "AuthType Basic" I'm bein redirected to a VanillaForums404 error message, and when I turn the auth off, I am able to view the indexed folder...

    I guess what I really should try and achieve is to create a Mod_Rewrite rule in the root .htaccess that can exclude every action in the /stuff folder... So far I haven't been able to get that working...

  • R_JR_J Admin

    I've tried your .htaccess with my "uploads" folder and when I access mydomain/uploads I see the directory listing.
    So there is obviously no need to change roots .htaccess.

    Afterwards I've created a "stuff" folder, moved the .htaccess over there and surfing to mydomain/stuff gives me a 403 :-o

    Sorry I have no solution for that, but maybe that will help you figure out what happened on your server

  • x00x00 MVP
    edited November 2013

    vanilla does not try rewrite urls to physical directories and files that are readable. This rule specifiable excludes that

    RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f

    -d for directory -f for file, ! meaning not.

    grep is your friend.

  • x00x00 MVP
    edited November 2013

    show us the .htaccess of the subdirectory

    should be something like

    AuthName "Authorisation Required"
AuthUserFile "/path/to/passwd"
AuthType Basic
require valid-user
ErrorDocument 401 "Authorisation Required"

    grep is your friend.

  • R_JR_J Admin

    @x00 : it is at the end of the initial posting

  • x00x00 MVP

    look at the order of AuthType Basic it doesn't go at the top.

    grep is your friend.

Sign In or Register to comment.