
SilverStripe Forums » General Questions » secure the assets folder

  • FungshuiElephant
    Community Member
    57 Posts

    Re: secure the assets folder

    I've been doing a bit of digging by way of debugging this.
    The SecureFilePermission table gets created but the File table is not modified; I'm expecting a Secured and MemberPermission field to get added to the File table but it's unchanged.
    It's as if SS is ignoring SecureFileDecorator.php (or _config.php) for some reason.

  • FungshuiElephant
    Community Member
    57 Posts

    Re: secure the assets folder

    Adding the contents of /securefiles/code/_config.php to mysite/_config.php and rebuilding (/dev/build) modified the File table and added the Security tab so it looks like SS is ignoring the _config.php file for some reason. I've checked the file permissions and they seem fine so it looks like I've put something in the wrong place...

  • FungshuiElephant
    Community Member
    57 Posts

    Re: secure the assets folder

    I did some moving around of the four main php files and the _config.php file.
    Just extracting the archive to the silverstripe directory so that the main files were in silverstripe/securefiles/code didn't work but moving the _config.php file up a level to silverstripe/securefiles/ did.

    Moving the modified securefiles directory into another sub-directory of silverstripe/, so that everything was one level lower, broke it again. Moving the _config.php file back up a level mended it again. It would seem that the _config.php file can only reside in directories that are the immediate children of silverstripe/. Silverstripe is quite happy to go and hunt for the other files but not _config.php.

    Just as an experiment I moved my mysite/_config.php to mysite/newdir/_config.php. Nothing to do with securefiles but, as it gave a white screen of death, adds weight to the argument that Silverstripe is a bit fussy about the location of its _config.php files.

    In conclusion then, on my setup (fedora+apache+php) with SS2.3.0 (and probably 2.3.1) the _config.php file needs to be in a directory that itself is the immediate child of silverstripe/.

  • Hamish
    Community Member
    712 Posts

    Re: secure the assets folder

    "In conclusion then, on my setup (fedora+apache+php) with SS2.3.0 (and probably 2.3.1) the _config.php file needs to be in a directory that itself is the immediate child of silverstripe/"

    That is correct - all modules are created this way.

    It sounds like you have not extracted the tar correctly. _config.php is in the securefiles folder, a direct child of your silverstripe website. The 4 main php files should be in the code folder. You should also have a lang folder.

  • FungshuiElephant
    Community Member
    57 Posts

    Re: secure the assets folder

    It looks like I somehow managed to move the _config.php file within the archive - I must have been viewing it and slipped with the mouse! Then, having modified the archive, it didn't matter how many times I extracted it; the _config.php file was in the wrong place. Oh well!

    Thanks for the reply and thanks for writing the module, I'm off to secure some files...

  • Hamish
    Community Member
    712 Posts

    Re: secure the assets folder

    FYI, I have given the module a new home on Google code:

    http://code.google.com/p/silverstripe-securefiles/

    You can check it out of the SVN repo at:

    http://silverstripe-securefiles.googlecode.com/svn/trunk/

    Please log bugs or change requests on the project page issue tracker.

  • malinux
    Community Member
    23 Posts

    Re: secure the assets folder

    I also had some .htaccess problems with the securefiles module. My webhosting uses Apache (don't know which version) but changing securefiles/code/SecureFileController.php line 22 did the job as HansR suggested.

    //"RewriteBase " . BASE_URL . "\n" .
    "RewriteBase /\n" .

    Yes, group permissions would be a nice feature

  • x75
    Community Member
    42 Posts

    Re: secure the assets folder

    Hi,

    I can't get this to work. Maybe one of you could help me?

    If I just install the module and secure a folder, I get a Server Error (500) when I request a file from that folder:
    /var/syscp/webs/x75/kwf/assets/image-gallery/.htaccess: RewriteBase takes one argument, the base URL of the per-directory context

    Then if I change the RewriteBase as suggested to "/" I get a 404 when I try to request anything from that folder. I enabled logging of mod_rewrite. As far as I can tell, it seems like it tries to load main.php from within the asset folder:

    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] strip per-dir prefix: /var/syscp/webs/x75/kwf/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg -> Preysin$
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] applying pattern '(.*)' to uri 'Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg'
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (4) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] RewriteCond: input='/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg' pattern='^(.*)$' => matched
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (2) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] rewrite 'Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg' -> 'sapphire/main.php?url=/assets/image-gallery/Preysingstrae/Zitro$
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) split uri=sapphire/main.php?url=/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg& -> uri=sapphire/main.php, args=url=/assets/image-gallery/Preysingstrae/Zitron$
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] add per-dir prefix: sapphire/main.php -> /var/syscp/webs/x75/kwf/assets/image-gallery/sapphire/main.php
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (2) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] trying to replace prefix /var/syscp/webs/x75/kwf/assets/image-gallery/ with /
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (5) strip matching prefix: /var/syscp/webs/x75/kwf/assets/image-gallery/sapphire/main.php -> sapphire/main.php
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (4) add subst prefix: sapphire/main.php -> /sapphire/main.php
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (1) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] internal redirect with /sapphire/main.php [INTERNAL REDIRECT]
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (3) [perdir /var/syscp/webs/x75/kwf/] strip per-dir prefix: /var/syscp/webs/x75/kwf/sapphire/main.php -> sapphire/main.php
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (3) [perdir /var/syscp/webs/x75/kwf/] applying pattern '.*' to uri 'sapphire/main.php'
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/sapphire/main.php' pattern='!(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$)' => matched
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/sapphire/main.php' pattern='^(.*)$' => matched
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/var/syscp/webs/x75/kwf/sapphire/main.php' pattern='!-f' => not-matched
    93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (1) [perdir /var/syscp/webs/x75/kwf/] pass through /var/syscp/webs/x75/kwf/sapphire/main.php

    Any idea what I'm doing wrong?

    Thanks
    Johannes
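
The prefix handling visible in the mod_rewrite trace above, modelled in Python as an added example (not part of the thread or of the securefiles module). Function names are hypothetical, the sample request is constructed from the directory in the trace, and it assumes BASE_URL is an empty string when the site sits at the web root, which is what would leave RewriteBase without an argument.

```python
# Added example: models the per-directory prefix steps from the RewriteLog
# trace in the thread. Function names are hypothetical.

# Constructed sample input, using the directory from the trace.
PERDIR = "/var/syscp/webs/x75/kwf/assets/image-gallery/"
FILENAME = PERDIR + "photo.jpg"
SUBST = "sapphire/main.php?url=/assets/image-gallery/photo.jpg"


def rewrite_base_line(base_url):
    """Build the directive so it always carries exactly one argument.

    Assumption: base_url is '' for a site at the web root; concatenating it
    unchanged would emit 'RewriteBase ' with nothing after it.
    """
    return "RewriteBase /" + (base_url or "").strip().strip("/")


def has_one_argument(directive_line):
    """True when the line is a directive name followed by one argument."""
    return len(directive_line.split()) == 2


def perdir_rewrite(filename, perdir, substitution, rewrite_base):
    """Return the URL of the internal redirect for a relative substitution
    in .htaccess context, following the steps named in the trace."""
    if not filename.startswith(perdir):
        raise ValueError("request is outside this per-directory context")
    target = substitution.split("?", 1)[0]      # 'split uri=... args=...'
    if target.startswith("/"):
        return target                           # absolute: base is not used
    path = perdir + target                      # 'add per-dir prefix'
    relative = path[len(perdir):]               # 'strip matching prefix'
    return rewrite_base.rstrip("/") + "/" + relative  # 'add subst prefix'


if __name__ == "__main__":
    print(repr("RewriteBase " + ""), has_one_argument("RewriteBase " + ""))
    print(rewrite_base_line(""))
    for base in ("/", "/assets/image-gallery/"):
        print(base, "->", perdir_rewrite(FILENAME, PERDIR, SUBST, base))
```

With the base set to the site root the redirect resolves to /sapphire/main.php, matching the last lines of the trace; a base equal to the secured directory's own URL would resolve to /assets/image-gallery/sapphire/main.php instead.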
