469,934 Members | 2,607 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,934 developers. It's quick & easy.

PHP generating .htaccess unresponsive

Hi,

I'm trying to do something I think is pretty neat, but I've just about pulled my hair out by the behavior of my server. I'm hosting on GoDaddy, using a subdomain (www.mywebpage.com maps to /mywebpage), running Apache 1.3.33, and PHP 4.3.11. The goal is to use PHP to install an .htaccess file in a folder to forbid PHP files from being accessed from outside the server.

I have a working .htaccess file in one folder, and I have been trying to mimic it's nature as close as possible. Everytime I try to generate one elsewhere the results are spotty and inconsistent.

The PHP script checks to see if the folder's permissions are set to 0755 first, then creates and writes the '.htaccess' file and sets its permissions to 0644. This is what it writes (with no newline at the end, because that seemed to be a problem):

SetEnvIfNoCase Referer "^http://www.mywebpage.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.mywebpage.com$" locally_linked=1
SetEnvIfNoCase Referer "^http://mywebpage.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://mywebpage.com$" locally_linked=1
SetEnvIfNoCase Referer "^$" locally_linked=1
<FilesMatch "\.php$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>

<Files ~ "\.php$">
Order Allow,Deny
Deny from All
</Files>

The working example that I handmade works consistently, and when I compare my generated file and its container folder's stats [stat()] (permissions, owners, etc.) they are exactly the same in terms of owners and permissions. I have done a byte-by-byte comparison of the working .htaccess file to the non-working, and they are the same. Yet, one folder seems to just work, and the other's don't, or mysteriously do.

When the PHP script 'installs' the file, it generates an HTTP request to the directory + 'test.php', with a spoofed referrer. The working .htaccess file returns 403 Forbidden even if the file doesn't exist, but the script seems to get 404's or 200's.

I know I must be missing something, but what could it be?
Jun 17 '07 #1
0 11170

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

1 post views Thread by yawnmoth | last post: by
8 posts views Thread by Joshua Beall | last post: by
4 posts views Thread by Ivo | last post: by
7 posts views Thread by John | last post: by
reply views Thread by Stoco | last post: by
14 posts views Thread by Brian Keating EI9FXB | last post: by
reply views Thread by Jack Hambabo | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.