21294 Posts in 5734 Topics by 2602 members
| Go to End | Next > | |
| Author | Topic: | 4381 Views |
-
Re: secure the assets folder
19 June 2009 at 9:42am
I've been doing a bit of digging by way of debugging this.
The SecureFilePermission table gets created but the File table is not modified, I'm expecting a Secured and MemberPermission field to get added to the File table but it's unchanged.
It's as if SS is ignoring SecureFileDecorator.php (or _config.php) for some reason. -
Re: secure the assets folder
19 June 2009 at 10:26am
Adding the contents of /securefiles/code/_config.php to mysite/_config.php and rebuilding (/dev/build) modified the File table and added the Security tab so it looks like SS is ignoring the _config.php file for some reason. I've checked the file permissions and they seem fine so it looks like I've put something in the wrong place...
-
Re: secure the assets folder
19 June 2009 at 11:16am
I did some moving around of the four main php files and the _config.php file.
Just extracting the archive to the silverstripe directory so that the main files were in silverstripe/securefiles/code didn't work but moving the _config.php file up a level to silverstripe/securefiles/ did.Moving the modified securefiles directory into another sub-directory of silverstripe/, so that everything was one level lower, broke it again. Moving the _config.php file back up a level mended it again. It would seem that the _config.php file can only reside in directories that are the immediate children of silverstripe/. Silverstripe is quite happy to go and hunt for the other files but not _config.php.
Just as an experiment I moved my mysite/_config.php to mysite/newdir/_config.php. Nothing to do with securefiles but, as it gave a white screen of death, adds weight to the argument that Silverstripe is a bit fussy about the location of its _config.php files.
In conclusion then, on my setup (fedora+apache+php) with SS2.3.0 (and probably 2.3.1) the _config.php file needs to be in a directory that itself is the immediate child of silverstripe/.
-
Re: secure the assets folder
19 June 2009 at 11:33am
In conclusion then, on my setup (fedora+apache+php) with SS2.3.0 (and probably 2.3.1) the _config.php file needs to be in a directory that itself is the immediate child of silverstripe/
That is correct - all modules are created this way.
It sounds like you have not extracted the tar correctly. _config.php is in the securefiles folder, a direct child of your silverstripe website. The 4 main php files should be in the code folder. You should also have a lang folder.
-
Re: secure the assets folder
19 June 2009 at 10:07pm
It looks like I somehow managed to move the _config.php file within the archive - I must have been viewing it and slipped with the mouse! Then, having modified the archive, it didn't matter how many times I extracted it; the _config.php file was in the wrong place. Oh well!
Thanks for the reply and thanks for writing the module, I'm off to secure some files...
-
Re: secure the assets folder
19 June 2009 at 10:19pm
FYI, I have given the module a new home on Google code:
http://code.google.com/p/silverstripe-securefiles/
You check it out of the SVN repo at:
http://silverstripe-securefiles.googlecode.com/svn/trunk/
Please log bugs or change requests on the project page issue tracker.
-
Re: secure the assets folder
13 September 2009 at 8:49pm
I also had some .htaccess problems with securefiles module. My webhosting uses apache (don't know which version version) but changing securefiles/code/SecureFileController.php line 22 did the job as HansR suggested.
//"RewriteBase " . BASE_URL . "\n" .
"RewriteBase /\n" .Yes, group permissions would be a nice feature
-
Re: secure the assets folder
22 September 2009 at 6:29am
Hi,
i can't get this to work. Maybe one of you could help me?
If I just install the modul and secure a folder, I get an Server Error (500) when I request a file from that folder:
/var/syscp/webs/x75/kwf/assets/image-gallery/.htaccess: RewriteBase takes one argument, the base URL of the per-directory contextThen if I change the RewriteBase as suggested to "/" I get an 404, when I try to request anything from that folder. I enabled logging of mod_rewrite. As far as I can tell, it seems like it tries to load main.php from within the asset folder:
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] strip per-dir prefix: /var/syscp/webs/x75/kwf/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg -> Preysin$
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] applying pattern '(.*)' to uri 'Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg'
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (4) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] RewriteCond: input='/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg' pattern='^(.*)$' => matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (2) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] rewrite 'Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg' -> 'sapphire/main.php?url=/assets/image-gallery/Preysingstrae/Zitro$
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) split uri=sapphire/main.php?url=/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg& -> uri=sapphire/main.php, args=url=/assets/image-gallery/Preysingstrae/Zitron$
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] add per-dir prefix: sapphire/main.php -> /var/syscp/webs/x75/kwf/assets/image-gallery/sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (2) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] trying to replace prefix /var/syscp/webs/x75/kwf/assets/image-gallery/ with /
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (5) strip matching prefix: /var/syscp/webs/x75/kwf/assets/image-gallery/sapphire/main.php -> sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (4) add subst prefix: sapphire/main.php -> /sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (1) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] internal redirect with /sapphire/main.php [INTERNAL REDIRECT]
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (3) [perdir /var/syscp/webs/x75/kwf/] strip per-dir prefix: /var/syscp/webs/x75/kwf/sapphire/main.php -> sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (3) [perdir /var/syscp/webs/x75/kwf/] applying pattern '.*' to uri 'sapphire/main.php'
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/sapphire/main.php' pattern='!(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$)' => matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/sapphire/main.php' pattern='^(.*)$' => matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/var/syscp/webs/x75/kwf/sapphire/main.php' pattern='!-f' => not-matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (1) [perdir /var/syscp/webs/x75/kwf/] pass through /var/syscp/webs/x75/kwf/sapphire/main.phpAny Idea what I'm doing wrong?
Thanks
Johannes
| 4381 Views | ||
| Go to Top | Next > |
