Not logged in. · Lost password · Register
Forum: General Help and Support Server Setup RSS
Not using .htaccess and getting data directory warning
Avatar
phatcoder #1
Member since May 2011 · 2 posts · Location: Arvada, CO USA
Group memberships: Members
Show profile · Link to this post
Subject: Not using .htaccess and getting data directory warning
I installed Dokuwiki using .htaccess files and it works great! I do not get the warning message:
It seems your data directory is not properly secured.

For fun, I decided not to use .htaccess files and set up Apache's main configuration with a Directory and LocationMatch directive to lock it down. I followed along in the security web page.
I cannot access the http://yourserver.com/dokuwiki/data/pages/wiki/dokuwiki.txt, but the warning is present.

OS: Windows XP Pro
Web Server: Apache 2.2

Is this a bug or something I am missing?
Thank you for any information.

Contents of httpd.conf file:

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/dokuwiki">

    # No directory indexes. No Multiview negotiation with client. Follow sym links.
    ## You should disable Indexes and MultiViews either here or in the
    ## global config. Symlinks maybe needed for URL rewriting.
    #Options -Indexes -MultiViews +FollowSymLinks

    # JON: Putting -MultiViews in the below line like shown in above line causes a
    # server error.
    Options -Indexes +FollowSymLinks


    # No reason to use .htaccess files since I am configuring Dokuwiki here.
    AllowOverride None


    # Make sure nobody gets the htaccess, README, COPYING or VERSION files
    <Files ~ "^([\._]ht|README$|VERSION$|COPYING$)">
        # Filter first what to allow, then what to deny. Deny all.
        Order allow,deny
        Deny from all
        Satisfy All
    </Files>


    # Enable mod_rewrite
    ## Uncomment these rules if you want to have nice URLs using
    ## $conf['userewrite'] = 1 - not needed for rewrite mode 2
    RewriteEngine on
    #
    ## Not all installations will require the following line.  If you do,
    ## change "/dokuwiki" to the path to your dokuwiki directory relative
    ## to your document root.
    #RewriteBase /dokuwiki
    #
    ## If you enable DokuWikis XML-RPC interface, you should consider to
    ## restrict access to it over HTTPS only! Uncomment the following two
    ## rules if your server setup allows HTTPS.
    #RewriteCond %{HTTPS} !=on
    #RewriteRule ^lib/exe/xmlrpc.php$      https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
    #
    RewriteRule ^_media/(.*)              lib/exe/fetch.php?media=$1  [QSA,L]
    RewriteRule ^_detail/(.*)             lib/exe/detail.php?media=$1  [QSA,L]
    RewriteRule ^_export/([^/]+)/(.*)     doku.php?do=export_$1&id=$2  [QSA,L]
    RewriteRule ^$                        doku.php  [L]
    RewriteCond %{REQUEST_FILENAME}       !-f
    RewriteCond %{REQUEST_FILENAME}       !-d
    RewriteRule (.*)                      doku.php?id=$1  [QSA,L]
    RewriteRule ^index.php$               doku.php

</Directory>

<LocationMatch "/(data|conf|bin|inc)/">
    Order allow,deny
    Deny from all
    Satisfy All
</LocationMatch>
Avatar
lupo49 (Moderator) #2
Member since Jul 2009 · 1399 posts · Location: Warstein, Germany
Group memberships: Global Moderators, Members, Super Mods
Show profile · Link to this post
Can you access http://dw.tld/data/security.png?

The check is done in inc/infoutils.php line 226ff.
Avatar
phatcoder #3
Member since May 2011 · 2 posts · Location: Arvada, CO USA
Group memberships: Members
Show profile · Link to this post
I am not able to access the security.png or anything else in data, conf, bin, inc.

Well, I went to lunch and came back and the message went away!
I guess my browser was caching it or something? I refreshed over and over before using <F5> in Firefox. Anyway....

Instead of using a LocationMatch directive per the security page, I used a DirectoryMatch. I figure better to filter on the directories than the URL. If you disagree let me know.

<DirectoryMatch "C:/Program Files/Apache Software Foundation/Apache2\.2/htdocs/dokuwiki/(data|conf|bin|inc)/">
    Order allow,deny
    Deny from all
    Satisfy All
</DirectoryMatch>

Thanks for the quick response!
Jon
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2015-07-28, 21:43:34 (UTC +02:00)