Google Search

kosi77
Sr. Bludit
Posts: 33
Joined: Wed Jan 30, 2019 7:23 am

Thanks!
User avatar
Jay
Master Bludit
Posts: 133
Joined: Mon Feb 11, 2019 8:41 pm

diego wrote: Wed Mar 25, 2020 8:46 pm Nothing to worry about that links, all the content on bl-content/uploads is public.
The private data is located in bl-content/databases/ and bl-content/workspaces/
I have checked couple such gsearch results.
There's one thing that worries me. Most of those dozen websites I've checked had enabled directory listing.
Although one cannot traverse and check what's inside other protected directories within /bl-content/, can see the dir tree and all other images in uploads.

i'd suggest at least adding inside default .htaccess option to disable directory listing with

Code: Select all

Options -Indexes 
User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

Jay wrote: Sun Apr 05, 2020 10:02 pm i'd suggest at least adding inside default .htaccess option to disable directory listing with

Code: Select all

Options -Indexes 
I think this is a good solution. :)
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
kosi77
Sr. Bludit
Posts: 33
Joined: Wed Jan 30, 2019 7:23 am

After inserting the code, he writes this:

ERR_TOO_MANY_REDIRECTS

The provider told me that this code should be rewritten:

Code: Select all

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [PT,L]
What will you advise me about?
User avatar
Jay
Master Bludit
Posts: 133
Joined: Mon Feb 11, 2019 8:41 pm

Clearing browser's cache, and cookies for your websites or creating new browser profile and trying out; commenting out second line forcing all requests to directories being processed by index.php file (might cause other problems); fixing http to https redirects; who knows except you how you have configured bludit instance on webshosting's provider platform nobody knows nothing about.
kosi77
Sr. Bludit
Posts: 33
Joined: Wed Jan 30, 2019 7:23 am

This is my htaccess file:

Code: Select all

AddDefaultCharset UTF-8
Options -Indexes
<IfModule mod_rewrite.c>

# Enable rewrite rules
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.mysite\.com [NC]
RewriteRule (.*) https://mysite.com/$1 [L,R=301]

# Base directory
RewriteBase /

# Deny direct access to the next directories
RewriteRule ^bl-content/(databases|workspaces|pages|tmp)/.*$ - [R=404,L]

# All URL process by index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [PT,L]

</IfModule>
User avatar
Jay
Master Bludit
Posts: 133
Joined: Mon Feb 11, 2019 8:41 pm

You are the owner of mysite.com? (´・ᴗ・ ` )

Or you just copypasted one of example mod rewrite rules redirecting connections from http to https without even changing domain name? ( ͡º ͜ʖ͡º)


Check new rules on default cms' .htaccess file, not just copy paste them in random places.
It matters where you put them, and how you end processing of every earlier or later rule. As neither rule you posted, or the rule I've described causes redirection loop.
Post Reply