Google Search

kosi77
Ssr. Bludit
Posts: 28
Joined: Wed Jan 30, 2019 7:23 am

Sun Mar 29, 2020 10:38 am

Thanks!
User avatar
Jay
Master Bludit
Posts: 106
Joined: Mon Feb 11, 2019 8:41 pm

Sun Apr 05, 2020 10:02 pm

diego wrote:
Wed Mar 25, 2020 8:46 pm
Nothing to worry about that links, all the content on bl-content/uploads is public.
The private data is located in bl-content/databases/ and bl-content/workspaces/
I have checked couple such gsearch results.
There's one thing that worries me. Most of those dozen websites I've checked had enabled directory listing.
Although one cannot traverse and check what's inside other protected directories within /bl-content/, can see the dir tree and all other images in uploads.

i'd suggest at least adding inside default .htaccess option to disable directory listing with

Code: Select all

Options -Indexes 
User avatar
Edi
Site Admin
Posts: 1836
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Mon Apr 06, 2020 5:01 pm

Jay wrote:
Sun Apr 05, 2020 10:02 pm
i'd suggest at least adding inside default .htaccess option to disable directory listing with

Code: Select all

Options -Indexes 
I think this is a good solution. :)
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
kosi77
Ssr. Bludit
Posts: 28
Joined: Wed Jan 30, 2019 7:23 am

Mon Apr 06, 2020 5:45 pm

After inserting the code, he writes this:

ERR_TOO_MANY_REDIRECTS

The provider told me that this code should be rewritten:

Code: Select all

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [PT,L]
What will you advise me about?
User avatar
Jay
Master Bludit
Posts: 106
Joined: Mon Feb 11, 2019 8:41 pm

Mon Apr 06, 2020 9:07 pm

Clearing browser's cache, and cookies for your websites or creating new browser profile and trying out; commenting out second line forcing all requests to directories being processed by index.php file (might cause other problems); fixing http to https redirects; who knows except you how you have configured bludit instance on webshosting's provider platform nobody knows nothing about.
kosi77
Ssr. Bludit
Posts: 28
Joined: Wed Jan 30, 2019 7:23 am

Tue Apr 07, 2020 6:56 pm

This is my htaccess file:

Code: Select all

AddDefaultCharset UTF-8
Options -Indexes
<IfModule mod_rewrite.c>

# Enable rewrite rules
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.mysite\.com [NC]
RewriteRule (.*) https://mysite.com/$1 [L,R=301]

# Base directory
RewriteBase /

# Deny direct access to the next directories
RewriteRule ^bl-content/(databases|workspaces|pages|tmp)/.*$ - [R=404,L]

# All URL process by index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [PT,L]

</IfModule>
User avatar
Jay
Master Bludit
Posts: 106
Joined: Mon Feb 11, 2019 8:41 pm

Wed Apr 08, 2020 12:00 am

You are the owner of mysite.com? (´・ᴗ・ ` )

Or you just copypasted one of example mod rewrite rules redirecting connections from http to https without even changing domain name? ( ͡º ͜ʖ͡º)


Check new rules on default cms' .htaccess file, not just copy paste them in random places.
It matters where you put them, and how you end processing of every earlier or later rule. As neither rule you posted, or the rule I've described causes redirection loop.
Post Reply