Trouble with a URLToolkit

Jeff Melton
16 September 2015, 18:19
I'm trying to replicate the function of the htaccess file below by denying access to those file extensions within the directory where that file is located -- WebsiteRoot/wp-content/uploads/gravity_forms

<Files *>
SetHandler none
SetHandler default-handler
Options -ExecCGI
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
</Files>
<IfModule mod_php5.c>
php_flag engine off
</IfModule>


Here's the URLToolkit as it is right now:

UrlToolkit {
ToolkitID = gravity_forms
Match [^?]*(gravity_forms/)+([0-9a-zA-Z-]*/*)(.*\.(cgi|php|php3|php4|php5|phtml|pl|py|pyc|pyo))$ DenyAccess
Do Call wordpress
}

UrlToolkit {
ToolkitID = wordpress
RequestURI exists Return
Match [^?]*(\?.*)? Rewrite /index.php$1
}


If I request http://WebsiteRoot/wp-content/uploads/gravity_forms/foo.py in a browser, I get a 404. Testing with wigwam (which I'm not sure I fully understand yet):

url: /wp-content/uploads/gravity_forms/foo.py
old: (403 Forbidden)

url: /WebsiteRoot/wp-content/uploads/gravity_forms/foo.py
old: (403 Forbidden)


Now, I may be completely misunderstanding what that htaccess file is doing, so I'm happy to work with a different approach. But it looks to me like my URLToolkit isn't working correctly. I see 200 status codes in the access log, instead of "access denied via URL toolkit rule" in error.log.

Can someone help me wrap my head around what's going on here?
Jeff Melton
16 September 2015, 20:07
I've continued tweaking the toolkit, but the same behavior persists: wigwam gives me 403s; site returns 404 unless I request http://WebsiteRoot/wp-content/uploads/gravity_forms/index.php, in which case it returns the empty index.html file that's in that directory. So the DenyAccess action isn't happening, and I can't tell why.
Jeff Melton
16 September 2015, 20:40
For reasons yet unclear, when I concatenated separate toolkits together into one, I was able to make this work:

UrlToolkit {
ToolkitID = wordpress
Match ^/wp-content/uploads/wc-logs/ DenyAccess
Match ^/wp-content/uploads/woocommerce_uploads/ DenyAccess
Match ^/wp-content/uploads/gravity_forms/([0-9a-zA-Z-]*/+)?*.+\.(cgi|php[345]?|phtml|pl|py[co]?)(.*)?$ DenyAccess
RequestURI exists Return
Match [^?]*(\?.*)? Rewrite /index.php$1
}


I don't know if that'll have unforeseen consequences, but there you have it.
Hugo Leisink
16 September 2015, 22:02
Don't know what went wrong. Perhaps you still called wordpress instead of gravity_forms? Anyway, good to hear it all works.
This topic has been closed.
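
A deny rule like the ones in this thread can be checked offline against a list of request URIs before it is deployed. The script below is an added example, not code from the thread or from Hiawatha: it runs the Match pattern from the first gravity_forms toolkit over constructed URIs and reports where the decision differs from what the .htaccess file intends. It assumes Python's `re` gives the same match/no-match result as the server's regex engine for this pattern, that matching is an unanchored search, and that the rule sees the request URI with its query string.

```python
import re

# Match pattern copied from the first gravity_forms toolkit in the thread.
DENY_RULE = re.compile(
    r"[^?]*(gravity_forms/)+([0-9a-zA-Z-]*/*)"
    r"(.*\.(cgi|php|php3|php4|php5|phtml|pl|py|pyc|pyo))$"
)

# Constructed request URIs paired with the decision the .htaccess intent implies.
# True = should be denied, False = should be handled normally.
CASES = [
    ("/wp-content/uploads/gravity_forms/foo.py", True),
    ("/wp-content/uploads/gravity_forms/abc-123/form.php5", True),
    ("/wp-content/uploads/gravity_forms/foo.php?x=1", True),
    ("/wp-content/uploads/gravity_forms/index.html", False),
    ("/wp-content/uploads/other/foo.php", False),
]


def is_denied(uri):
    """Return True when the rule would fire (assumed: unanchored search)."""
    return DENY_RULE.search(uri) is not None


def coverage_gaps(cases=CASES):
    """Return the URIs whose actual decision differs from the expected one."""
    return [uri for uri, expected in cases if is_denied(uri) != expected]


if __name__ == "__main__":
    for uri, expected in CASES:
        actual = is_denied(uri)
        flag = "ok " if actual == expected else "GAP"
        print(f"{flag} denied={actual!s:5} expected={expected!s:5} {uri}")
```

The one gap reported is the URI with a query string: the pattern ends in `$` directly after the extension, which the later combined rule relaxes with its trailing `(.*)?$`.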