Problems with .htaccess vs streamline.net/fasthosts

[ian8115]

Hi. After reading many post on this site I have realised the reason I had missing graphics from the install page is due to my webhost streamline.net

I have renamed my .htaccess file in the zencart/includes folder and all seems fine. I then read this is a security issue. Another member 'Vger' suggested to edit the .htaccess file from:

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

adding qoutes as below:

<Files "*.php">
Order Deny,Allow
Deny from all
</Files>

I have done this and renamed my .htaccess file and all is fine.

Is this secure? Also do I need to do the same to .htaccess in zencart/admin/includes although its working ok as it is.

Thanks

[DrByte]

Normally one only adds the quotes if using a regex match, and then usually only using the FilesMatch directive, not the Files directive.

I would suggest that the correct answer to your situation would be best determined by actually testing to see whether the settings you've implemented actually do provide the security protection desired.

[ian8115]

Mmm unfortunate this morning I am back to missing graphics so for some reason it didnt work.

I am with streamline.net (fasthost) if I knew about the problems they have with ecommerce I wouldn't of signed up.

Any fix for this?

Strangely I initially installed on windows 2003 server initially but couldnt change permissions of configure.php files.

When I changed to linux I can change configure.php files permission but now I have problem with .htaccess.

Thanks

[rockmiranda]

Same problem here.
Streamline technical support replied with:

We only support mod_rewrite on .htaccess so any other codes will return an error. We would suggest that you either remove or comment out unsupported codes......

Would it be safe to do that?

If, as the Zen tutorial states:

The logic in the /includes/.htaccess and /admin/includes/.htaccess files basically just say for all *.php files, don't allow them to be accessed via a browser directly........

Would it be enough to change permission on those folders (protected by htaccess) with a 706 permission on the folder (no public execute)?

Thanks in advance.
Rob

[DrByte]

Same problem here.
Streamline technical support replied with:


Would it be safe to do that?

If, as the Zen tutorial states:

Would it be enough to change permission on those folders (protected by htaccess) with a 706 permission on the folder (no public execute)?

Thanks in advance.
Rob

That's something you'll have to explore with your choice of hosts if you choose to stay with them.