Forum

I've got an opencart installation running on Hiawatha v10.8.2, but there's a bug and I need to keep a directory in the web root folder that would under normal security practices be kept outside/above that folder. The devs suggest in the bug tracker to use .htaccess to block access to that directory, but I've tried a few different ways to do that, but haven't been able to succeed.

I put a file named 'test.html' in the directory.

Then I created a .hiawatha file in that directory with the contents:

AccessList = deny all

and the file is still accessible.

So I put this into hiawatha.conf:

Directory {
        Path = /var/www/[mydomainhere].com/public/storage/
        AccessList = deny all
}

...and restarted hiawatha. I can still load test.html. So then I tried this in hiawatha.conf:

Directory {
	DirectoryID = storage
	Path = /storage
	ShowIndex = no
	AccessList = deny all
}

...but alas, I can still load test.html.

If I try to just browse to '[mydomain].com/storage/', i get the result "No input file specified."

If this matters, I've got the following toolkit in hiawatha.conf also as suggested elsewhere here:

UrlToolkit {
  ToolkitID = opencart
  Match ^/sitemap.xml$ Rewrite /index.php?route=feed/google_sitemap
  Match ^/googlebase.xml$ Rewrite /index.php?route=feed/google_base
  Match ^/system/download/.* Rewrite /index.php?route=error/not_found
  RequestURI exists Return
  Match \.(ico|gif|jpg|jpeg|png|js|css) Return
  Match ([^?]*)(\?(.*))? Rewrite /index.php?_route_=$1&$3
}

Thanks.

You need to set 'UseLocalConfig = yes' in your virtual host configuration for that to work.


That's no a valid .hiawatha configuration. Just use 'AccessList = deny all'.


Did you use 'UseDirectory = storage' in your virtual host configuration?

Thanks. This cleared up a lot. Particularly:


and