Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Weird htaccess experience

Status
Not open for further replies.
RenoWV

RenoWV

Technical User
Mar 16, 2002
156
US
I've had a strange experience with htaccess. I tried adding a .htaccess file to a subfolder (2 levels from top) on my website. The purpose was to allow pages from within my domain to access the pages in that folder via internal links, but no access for external links placed outside the domain.

I've used htaccess before at this server without a problem (in folders one level deep), but this time, no matter how I configured the .htaccess, it would not allow a link from within the same domain to open any file in that folder (I get the "Forbidden" message).

And weirder yet, I got an email the next morning from the host saying that my allowable space was 99% used up. When I checked the folder where I put that htaccess file, it had generated a file named "core" that was 14 MB! When I downloaded and examined it, there was a bunch of gibberish (like machine code??). Now admittedly, during the testing phase when I was trying to figure out why it wasn't working, I probably hit the .htaccess file a couple dozen times. But 14 MEGA-bytes?!

If anyone has any insight, I'd be appreciative for the feedback. Am mostly curious why this happened. FYI, below are the various htaccess formats I tried...
Code: 
<Files *.php>
Order Allow,Deny
Deny from all
Allow from .mydomainname.com
</Files>

<Files *.php>
Order Allow,Deny
Allow from .mydomainname.com
Deny from all
</Files>

<Files *.php>
Order Deny,Allow
Allow from .mydomainname.com
Deny from all
</Files>

<Files *.php>
Order Deny,Allow
Deny from all
Allow from .mydomainname.com
</Files>

<Files *.php>
Order Allow,Deny
Allow from all
</Files>
 
Sort by date Sort by votes
Forgot to mention... the last htaccess format DID allow me access -- all others however returned "Forbidden".
Code: 
(worked ok)

<Files *.php>
Order Allow,Deny
Allow from all
</Files>
 
Upvote 0 Downvote
RenoWV,

I don't know about the 14MB file that was generated, but your .htaccess seems to have a mismatch between the stated Order and the Allow and Deny directives that follow it. Try changing the Order directive.

Code: 
<Files *.php>
Order Deny,Allow
Deny from all
Allow from .yourdomainname.com
</Files>

Also, is the repitition of the <Files *.php> container in your above example intentional?

Wishdiak
A+, Network+, Security+, MCSA: Security 2003
 
Upvote 0 Downvote

Thanks Wishdiak. Yes, that was intentional -- I wanted to show every possible format that I had tried (but each of them was tried one at a time -- not as a group).

Am getting the same result with your htaccess -- at this point it must be a server glitch. The only one that works is the one that says "Allow all" with no "Deny". As soon as put any reference to "Deny" in the htaccess, it brings back forbidden.

I think my next test will be to try the htaccess one level up (which is to say, one level down from top level) -- if that works I'll post it here in case anyone has any thoughts....

-----------------------
 
Upvote 0 Downvote
This would be the minimum .htaccess file:
.htaccess said:
Order Allow,Deny
Allow from .yourdomainname.com
Click to expand...
- this would disallow all access to any file except for machines resolvable to your host domain.

The machine names *must* resolve to a FQDN for the Apache server machine to include all of the specified '.yourdomainname.com' - leading period included. Any machine resolving to a simple short name will not get access, so tests from the server machine will often fail here. It is probable that you would be better off (if these machines are all in some form of local subnet) using IP ranges to specify access. You can test this by checking the IP address of the machine with which you are testing and specifically allowing that IP address in the .htaccess file.

Core files are generated when programs crash, if the *nix OS has been told to generate them. The when and where or corefile generation is highly configurable, but they have only one purpose. They contain a direct dump of the program and all of its requested memory allocations in order to allow code-level debugging. If you've acquired one in this directory then you've managed to make something crash here - most probably an Apache child, at 14M. That's not atypical for a executing footprint. Check the Apache logs for the moments just before the creation time of the file to see what Apache was doing; however I would suggest that there's likely to be a bug in the Apache PHP module or that you're doing something very strange with your PHP. Maybe both. If you don't yet know what corefiles are, however, you're going to have to learn quite a few things before you will get much more infomation out of the corefile.
 
Upvote 0 Downvote

Thanks very much MOrac for such an informative explanation. I do not generally use php, and would guess that the conflict lies in the way that particular script (from an archive) was written. At this point I have removed the htaccess entirely, so as to not create another problem. Live and learn... [3eyes]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
288
Krus1972
Krus1972
tyutghf
  • Locked
  • Question
htaccess password protect website
Replies
1
Views
135
feherke
feherke
gandalf458
  • Locked
  • Question
SEO-friendly URLs and .htaccess
Replies
4
Views
201
ChrisHirst
ChrisHirst
RWunder
  • Locked
  • Question
Using .htaccess to control http and https
Replies
0
Views
117
RWunder
RWunder
PCHomepage
  • Locked
  • Question
.htaccess Issue
Replies
7
Views
169
PCHomepage
PCHomepage

Part and Inventory Search

Sponsor

Back
Top