Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
This question is directly related to a previous question of mine :
php files are downloaded instead of ran
But I have narrowed down the problem so that answering one question technically answers both.
I have made many changes to .htaccess in a certain directory above the root. We'll just call it /dir. Somewhere along the way, I made a change that broke the way php runs files. My overall goal is to get php to run .php files again; however my question is about resetting the .htaccess for /dir. I created php files in the directory before /dir (previous/dir) and they run fine, so I just need to reset whatever changes are being held onto for that directory.
How can I clear all .htaccess for that directory.
Keep in mind, I have cleared the .htaccess file already. Whatever changes happened are being stored somewhere in apache that I can't get to. I just want to reset them and go back to where php was working in that directory.
Thanks.
The problem was that the original .htaccess had changed permissions to the directory because of password protecting. After I deleted the .htaccess file and the pwd, the permissions were still altered. After fixing the permissions I was easily able to fix everything.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 hour ago.
Improve this question
In shared hosting, I installed all laravel application files in the root folder (public_html). But also I deny the .env file via htaccess.
So is denying the .env file via htaccess enough for application security?
Do I have to install the app at the same directory level of public_html and do i have to create a symlink?
Thanks!
So is denying the .env file via htaccess enough for application security?
No.
Examples of where this would not be sufficient:
Someone could access files like storage/logs/laravel.log and see potentially sensitive information.
Misconfiguring/breaking PHP on the server would permit users to browse your PHP files as plain text, potentially revealing the entirety of your source code.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
In which diretory should script files for cronjobs be saved? Available to the public inside var/www/html or better inside var/www/files or ...?
Re-posting comments from above, for easier reference and clarity:
Why would you want to make cronjob script files available to the public? If you're distributing them, var/www/* would be a fine place to put them. If you're intending to run them on your server, put them somewhere that isn't public facing, like your /home directory
Cron only needs its scripts to be in a directory it can access. While it can definitely access /var/www/, so can (potentially) the public; it depends on your configuration. If you're running Apache as your web-server, then accessibility of any directory under the web root (usually, and likely in this case, /var/www) is configured by .htaccess files (or in a Directory block in your main server config). By default, all sub-directories and files are accessible. If you don't care about other people seeing your cron scripts, go ahead and put it in var/www. Otherwise, put them somewhere else or change your server configuration
The best way to do that you want, is create a new directory dedicated to save the scripts, for example, /var/www/html/scripts
In that way, people is able to see the the sctipts and for crontab schedule too.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I want to have files in my repo but don't want to track the changes in the clones is there a way to do that without setting files to assume-unchanged through a deploy script?
Example:
Server bare.git holds a file custom.php
Local repo pulls bare.git gets the custom.php but don't track changes to the file
I read about config files but I don't want to make the files with a deploy script I want the file to be in the repo and gets cloned but not to be tracked by the cloned repo.
No, there is no way of doing this, and there probably a problem with your workflow if you need this. If config.php needs to be changed on each instance (for example, to add credentials specific to that environment), you probably want the following accepted pattern:
Rename that file to config.php.example
Add config.php to .gitignore
In each clone, copy config.php.example to config.php and make the necessary local changes
Otherwise, the entire purpose of Git is to track change to files. If you don't want changes to a file tracked, don't track it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I've got a problem. After moving a project to another server I get strange string "192" which is inserted before every response from server. I did no changes into source code and it works fine on another server. I've only copied project... Really. That's all.
This is how it looks:
It can be beared when dealing with generated pages. but json reponse is not correct so it gets broken because of this number "192".
In the root folder /var/www/html I have only this project. Nothing else.
I guess it must be something with php settings. Thanks in advance!
The problem is with the code off course. Check the configuration files you are adding before executing any file of the view.
If you want to verify there is something wrong with the code, you may just put an empty hello world file and execute it from the browser. See if 192 comes there also or not.
Something like this on /var/www/html/test.php
<?php echo "Hello World"; ?>
Now run your website http://yourwebsite.com/test.php and share the output.
If the 192 is not in your code (and since it doesn't show on a different server, it certainly seems so), another very strong contender from where it is coming from is the php.ini option, auto_prepend_file.
auto_prepend_file string
Specifies the name of a file that is automatically parsed before the
main file. The file is included as if it was called with the require
function, so include_path is used.
The easiest way to find out if there is a file being included before all of your requested pages is by searching the phpinfo() output for auto_prepend_file, and editing the php.ini file to remove it if it is there.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I installed an Apache server and am playing around with it a bit. What I can't figure out is how to properly set permissions for this setup:
I don't want my files to be externally accessible (i.e. ./files/file1.foo) - there are many files in this directory and I don't want people to be able to read them. So far so good. chmod o+r enables reading and vice versa, in my case.
Then I have a PHP script that handles sessions with each user, who owns one of the files and should be able to view it, but only it, not the other files. Let's say the file is a picture. I would write <?php ... echo "<img src=\"files/file5.foo\"> ?> to show this file. But that wouldn't work, because the PHP doesn't have permissions to the file either.
What is the way to handle this?
For those requirements the best solution is to store the protected files outside of the public HTML and use a PHP script to serve them. The PHP can then check if the current user should be allowed to access the requested file or not.
Have a look at this example. For inline images, don't set the file transfer headers, just output the content (you can still output a content-type header but that isn't needed).