client removal of .htaccess file

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

client removal of .htaccess file

Joel Miller
Can one without server root access delete a previously uploaded
.htaccess file?  The server can be accessed from the command line (e.g.,
ftp.[url] and permissions) but the file listing contains .htaccess_bak,
not the .htaccess file.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

Eric Covener
On Sun, Jul 19, 2020 at 6:58 AM Joel Miller <[hidden email]> wrote:
>
> Can one without server root access delete a previously uploaded
> .htaccess file?  The server can be accessed from the command line (e.g.,
> ftp.[url] and permissions) but the file listing contains .htaccess_bak,
> not the .htaccess file.

If the directory is writable by the user, yes.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

angel Hall-Coulston
In reply to this post by Joel Miller
Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
    Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <[hidden email]> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file?  The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

Joel Miller
In reply to this post by Joel Miller
Thank you.  I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?

Joel

973 736 8306



From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: [hidden email]
Subject: Re: [users@httpd] client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
    Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <[hidden email]> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file?  The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

Joel Miller
Just to clarify, the remote "client" is the owner of the URL and has full access for purposes of uploading the html, css, etc. files to the server, as well as .htaccess files.  At least one website states this can be done from the command line, but I'm not certain that's correct.  See http://www.activewebhosting.com/faq/cgi-htaccess-change.html

Does the .htaccess file physically remain in the directory where it was initially loaded?  Or, does the server remove, transfer, or otherwise dispose of the file?

Joel

973 736 8306


From: Joel <[hidden email]>
Sent: Sunday, July 19, 2020 7:32 AM
To: [hidden email] <[hidden email]>
Subject: Re: [users@httpd] client removal of .htaccess file
 
Thank you.  I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?

Joel

973 736 8306



From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: [hidden email]
Subject: Re: [users@httpd] client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
    Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <[hidden email]> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file?  The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

Antony Stone
On Sunday 19 July 2020 at 13:48:22, Joel wrote:

> Just to clarify, the remote "client" is the owner of the URL and has full
> access for purposes of uploading the html, css, etc. files to the server,
> as well as .htaccess files.  At least one website states this can be done
> from the command line, but I'm not certain that's correct.  See
> http://www.activewebhosting.com/faq/cgi-htaccess-change.html

a) Is Active Web Hosting the provider you are dealing with?

b) Have you tried following the instructions on that page to delete the file?

> Does the .htaccess file physically remain in the directory where it was
> initially loaded?  Or, does the server remove, transfer, or otherwise
> dispose of the file?

Apache does not, but I think your question is best directed at your hosting
provider.


Antony.

--
"Can you keep a secret?"
"Well, I shouldn't really tell you this, but... no."


                                                   Please reply to the list;
                                                         please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

Joel Miller
Antony -

Thank you.

I have not tried the procedure on Active Web page.  I want to know the options before uploading an htaccess file to a subdomain directory; I already have an .htaccess file loaded on the url "home" directory (i.e., www.xxx.com).

The hosting provider is StableHost, which deploys LiteSpeed, a commercial variant of Apache.  I will post these queries on the LiteSpeed forum; thank you for the suggestion.

Joel

973 736 8306


From: Antony Stone <[hidden email]>
Sent: Sunday, July 19, 2020 7:53 AM
To: [hidden email] <[hidden email]>
Subject: Re: [users@httpd] client removal of .htaccess file
 
On Sunday 19 July 2020 at 13:48:22, Joel wrote:

> Just to clarify, the remote "client" is the owner of the URL and has full
> access for purposes of uploading the html, css, etc. files to the server,
> as well as .htaccess files.  At least one website states this can be done
> from the command line, but I'm not certain that's correct.  See
> http://www.activewebhosting.com/faq/cgi-htaccess-change.html

a) Is Active Web Hosting the provider you are dealing with?

b) Have you tried following the instructions on that page to delete the file?

> Does the .htaccess file physically remain in the directory where it was
> initially loaded?  Or, does the server remove, transfer, or otherwise
> dispose of the file?

Apache does not, but I think your question is best directed at your hosting
provider.


Antony.

--
"Can you keep a secret?"
"Well, I shouldn't really tell you this, but... no."


                                                   Please reply to the list;
                                                         please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

@lbutlr
In reply to this post by Joel Miller
On 19 Jul 2020, at 05:48, Joel <[hidden email]> wrote:
> Does the .htaccess file physically remain in the directory where it was initially loaded?  Or, does the server remove, transfer, or otherwise dispose of the file?

Impossible for anyone else to answer this who is not in charge of the server.

Just as an example, one on server I had to deal with, the user could overwrite or delete .htaccess, but the system replaced it with the system-defined one any time the user did this.

In short, the host can do anything they want.




--
Forgive your enemies, but remember their names.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

Joel Miller
Thank you.  I have posted a query on the LiteSpeed forum and will also ask StableHost directly.

Thank you all for your very prompt and helpful responses.

Joel

973 736 8306


From: @lbutlr <[hidden email]>
Sent: Sunday, July 19, 2020 8:44 AM
To: [hidden email] <[hidden email]>
Subject: Re: [users@httpd] client removal of .htaccess file
 
On 19 Jul 2020, at 05:48, Joel <[hidden email]> wrote:
> Does the .htaccess file physically remain in the directory where it was initially loaded?  Or, does the server remove, transfer, or otherwise dispose of the file?

Impossible for anyone else to answer this who is not in charge of the server.

Just as an example, one on server I had to deal with, the user could overwrite or delete .htaccess, but the system replaced it with the system-defined one any time the user did this.

In short, the host can do anything they want.




--
Forgive your enemies, but remember their names.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

angel Hall-Coulston
In reply to this post by Joel Miller
Most '.htaccess' files ARE provided by host developers so that users have some security control over their site (being able to choose who or what to block is one case in hand) WITH 'write' access. Most sysadmins with access to root privileges don’t actually use them and format the directives directly by a 'directory by directory' configuration in apache config file (usually httpd.conf). So the usual use of them is for any user WITHOUT root access to the server and config files, so it’s a little out of the ordinary that you don’t have write or read access.
I wouldn’t recommend not having a basic '.htaccess' or having a dummy file, if you don’t have root access. 

"Just because you’re paranoid doesn’t mean they are not all out to get you…"

On 19 Jul 2020, at 12:32, Joel <[hidden email]> wrote:

Thank you.  I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?

Joel
973 736 8306


From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: [hidden email]
Subject: Re: [users@httpd] client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
    Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <[hidden email]> wrote:
> 
> Can one without server root access delete a previously uploaded .htaccess file?  The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
> 
> ---------------------------------------------------------------------
> To unsubscribe, [hidden email]
> For additional commands, [hidden email]
> 


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: client removal of .htaccess file

Joel Miller
In reply to this post by Joel Miller
Thanks.  I am guessing that I do have read/write access because I upload and remove the all of the files on the site, including .htaccess on the main branch.  Further, after logging in via the command line, I was able to navigate anywhere I could otherwise go in the file manager in cPanel.  Being on a shared server, I thus don't have root access or access to httpd.conf.

Since it's my site, I am the one who configured and uploaded the initial .htaccess file (after studying the Apache documentation for some time).  The file includes a few redirects, 400/403/404 errors, etc.  Since I rarely deal with this file, I am now relearning and further delving into the .htaccess configuration options for a subdomain that I'm building and wish to behave differently than the main site.

Thank you again for your time and assistance.

Joel

973 736 8306



From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 3:12 PM
To: [hidden email]
Subject: Re: [users@httpd] client removal of .htaccess file

Most '.htaccess' files ARE provided by host developers so that users have some security control over their site (being able to choose who or what to block is one case in hand) WITH 'write' access. Most sysadmins with access to root privileges don’t actually use them and format the directives directly by a 'directory by directory' configuration in apache config file (usually httpd.conf). So the usual use of them is for any user WITHOUT root access to the server and config files, so it’s a little out of the ordinary that you don’t have write or read access.
I wouldn’t recommend not having a basic '.htaccess' or having a dummy file, if you don’t have root access. 

"Just because you’re paranoid doesn’t mean they are not all out to get you…"

On 19 Jul 2020, at 12:32, Joel <[hidden email]> wrote:

Thank you.  I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?

Joel
973 736 8306


From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: [hidden email]
Subject: Re: [users@httpd] client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
    Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <[hidden email]> wrote:
> 
> Can one without server root access delete a previously uploaded .htaccess file?  The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
> 
> ---------------------------------------------------------------------
> To unsubscribe, [hidden email]
> For additional commands, [hidden email]
>