Skip to main content

Apache 2.4 deny from all blocks only css and js files

Comments

7 comments

  • cPanelMichael
    Hello, Could you let us know the full contents of the .htaccess file? Thank you.
    0
  • Ardelean Vlad
    Hello, this is the full content of the .htaccess file : deny from all Options -Indexes # php -- BEGIN cPanel-generated handler, do not edit # Set the "ea-php71" package as the default "PHP" programming language. AddType application/x-httpd-ea-php71 .php .php7 .phtml # php -- END cPanel-generated handler, do not edit RewriteEngine On RewriteBase / RewriteRule ^(testfolder.*$|index\.php$) - [L] ###redirect all php files to index.php RewriteRule ^([^.]+).php$ /index.php [R=301,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule . /index.php [L] The problem appears for other account too, I can copy the .htaccess file from it too if you want. Thank you!
    0
  • rpvw
    For Apache 2.4, you could try:
    Require all denied
    Access control In 2.2, access control based on client hostname, IP address, and other characteristics of client requests was done using the directives Order, Allow, Deny, and Satisfy. In 2.4, such access control is done in the same way as other authorization checks, using the new module mod_authz_host. The old access control idioms should be replaced by the new authentication mechanisms, although for compatibility with old configurations, the new module mod_access_compat is provided. Mixing old and new directives Mixing old directives like Order, Allow or Deny with new ones like Require is technically possible but discouraged. mod_access_compat was created to support configurations containing only old directives to facilitate the 2.4 upgrade. Please check the examples below to get a better idea about issues that might arise. Here are some examples of old and new ways to do the same access control. In this example, there is no authentication and all requests are denied. 2.2 configuration: Order deny,allow Deny from all 2.4 configuration: Require all denied
    Full details from
    0
  • Ardelean Vlad
    For Apache 2.4, you could try:
    Require all denied
    Full details from Upgrading to 2.4 from 2.2 - Apache HTTP Server Version 2.5

    I tried already but it is not working. It works the same as "deny from all", it blocks only css and js sources.
    0
  • cPanelMichael
    Hi, Could you open a support ticket using the link in my signature so we can take a closer look? Thank you.
    0
  • Ardelean Vlad
    Hello, I opened a support ticket. Thank you!
    0
  • Ardelean Vlad
    Hello, the problem was solved by the cPanel support. Apparently the server couldn't find the 403 error page so the rewrite rule in the .htaccess "picks up" the request and attempts to process it. The solution was to use a rule for the error page like : ErrorDocument 403 "403 Error" in my .htaccess file, or to set the default error pages like I did now from WHM -> Service Configuration -> Apache Configuration -> Pre VirtualHost Include.
    0

Please sign in to leave a comment.