Is Sentinel Working without the htaccess file...

Worker Joined: Jul 07, 2004 Posts: 192

Is Sentinel working OK without the htaccess file... What are differences of having this file and not having... And How can I check if my server is running on Apache... I can't find it anywhere... Maybe there's a module or a block that can show the server info...

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Type this code into a good text editor and save the file as phpinfo.php. Then ftp that file to your web root folder.

Code:

<?


phpinfo();


?>

Now run that file by pointing your browser to [ Only registered users can see links on this board! Get registered or login! ] You will see at the top what server software you are running. Now rename that file as you don't want it available to everyone else.

.htaccess only runs under Apache. When blocking code is in .htaccess you are blocking at the server level. When used in a MySQL table, you are only blocking at the application level.

Posted: Thu Jul 08, 2004 5:05 am

I'm running on the Apache server but I don't have htaccess file in the root dir... I've downloaded WS_FTP... And still I can't see .htaccess file... What can I do... Should I simply put the empty file in the root...

Posted: Thu Jul 08, 2004 5:16 am

It's .htaccess and when using WsFTP you need to add -la to the file mask and then hit enter. You will then be able to see all hidden files.

Posted: Thu Jul 08, 2004 5:31 am

I still can't find the file... Is it suppose to be In the root folder of my PHP Nuke... ?? Or maybe someplace else...

Posted: Thu Jul 08, 2004 5:34 am

In your Sentinel config, you have to tell it where to put it. Try just using .htaccess as the entry in the config.

Posted: Thu Jul 08, 2004 5:54 am

OK... Thanks for the help... Smile

Posted: Thu Jul 08, 2004 9:34 am

Here another thing you can do. Using a text editor create a new document, place

Code:

Options All -Indexes


DirectoryIndex index.php index.htm index.html /noindex.php

into it and save it as .htaccess . Then upload that to your root nuke directory (where you have mainfile.php) and CHMOD it to 666. And yes there is a blank line at the end of that code above so when Sentinel(tm) starts appending to the file it doesn't add to the DirectoryIndex line Smile

What these two commands do is to disallow anyone from getting a listing of anything in your sites directory structure. The second line tells it what index files to look for.

the index.php file is as follows:

Code:

<?


?>


<p align="center"><img border="0" src="/images/eyes.gif" alt="No Directory Browsing" width="120" height="80"><br><b>Directory browsing is not allowed!</b></p>


<?


?>

If you want to see how it looks goto [ Only registered users can see links on this board! Get registered or login! ] .

Posted: Thu Jul 08, 2004 12:39 pm

So is the use of the .htaccess file more safe than using the database?

What could a hacker (in theory) do when only the database is enabled and would that be prevented by making use of that file?

Posted: Thu Jul 08, 2004 3:10 pm

Caedus wrote:

So is the use of the .htaccess file more safe than using the database?

Technically speaking, yes. This way protects you at the web server level, meaning that they can't get at any documents anywhere in the path and sub-paths from where the .htaccess file is located. If just stored in a database, they are only restricted if that application calls it.

Quote:

What could a hacker (in theory) do when only the database is enabled and would that be prevented by making use of that file?

They would have access to any directory/folder that is not in that pth.

Posted: Thu Jul 08, 2004 6:24 pm

I have made .htaccess and noindex.php files And I've put them in the folder in which I have mainfile.php...
I've got some questions... If for example I've got many folders before my nuke root folder .htaccess file still goes in the folder in which I have mainfile.php...
For example I've got:
ble_ble/ble_ble2/mainfile.php .... So the htaccess goes here right ??

And the path to the .htaccess file in the Sentinel Administration... should still be just .htaccess... or should I put ble_ble/ble_ble2/.htaccess

Posted: Thu Jul 08, 2004 7:17 pm

.htaccess works hierarchically. So, if you have domain_name_1.com/.htaccess, that will apply to all folders beneath it, but not above it. You can have individual .htaccess files in every folder if you wish. The more and the larger the .htaccess files, the more penalty you pay in overhead expense. But, the extra nanoseconds are well worth the cost, imo.

Posted: Thu Jul 08, 2004 7:27 pm

Thanks for your help... But I need to straighten this up...

the path to .htaccess that Sentinel uses should be:
[ Only registered users can see links on this board! Get registered or login! ]

or
[ Only registered users can see links on this board! Get registered or login! ] bla/bla bla2/.htaccess

Or maybe I don't use [ Only registered users can see links on this board! Get registered or login! ] in the path... Confused

Posted: Thu Jul 08, 2004 7:30 pm

It can be whatever you want, depending on how many folders above your nuke folder you want it to apply to Wink

. Just place it in the same file as your mainfile.php - in the Sentinel configuration screen, just enter .htaccess . Don't use any paths at all.

Posted: Thu Jul 08, 2004 7:35 pm

OK... Thank you very much for your help Smile

Posted: Sat Jul 10, 2004 6:44 am

Ok, thx Raven! I noticed you replaced the raven smiley too. Nice one Wink

!