Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter Installation & Setup authz_core_module
authz_core_module
  • Offline sackbut
    Junior Member
  • **
  • Posts: 16
    Threads: 5
    Joined: Mar 2015
    Reputation: 0
#1
04-01-2015, 02:16 AM

Me, Newbie Smile

Installed C3 RC3 at home. Works a treat - no problems. Installed on server at hosting company. Does not work - in fact it triggered some sort of defensive system which locked me out for 15 minutes.

Had a look at the various .htaccess files dotted around CI and found one in the application folder which checks for the presence of an Apache module called authz_core_module. Removed this .htaccess file - now works OK

Hosting provider says running Apache 2.3 which does not have authz_core_module in the build.

So my question is: what do I lose by not having this file ? I don't have any choice of course - I have to remove it, but what does that do to the installation ?
Reply
  • Offline gadelat
    Member
  • ***
  • Posts: 128
    Threads: 3
    Joined: Feb 2015
    Reputation: 7
#2
04-01-2015, 06:41 AM

It's to deny access for user who is trying to access your application folder directly. If you have directory listing disabled or your application folder's name is not guessable, you don't need this file.
Reply
  • Offline CroNiX
    Senior Member
  • ****
  • Posts: 428
    Threads: 0
    Joined: Jan 2015
    Reputation: 25
#3
04-01-2015, 06:48 AM

Strange. I just checked the htaccess in /application and it's in an IfModule block, so it shouldn't have mattered whether it was installed or not.

You won't lose anything by not having the file. Instead, your htaccess in the /application and /system dirs (both) should just be "Deny from all". This just prevents web access to those dirs, which is a security measure. It won't affect your app, but prevent people from going to urls like http://yoursite.com/application/models/some_model.php and being able to execute things they shouldn't have access to via their web browser.

So these 2 files
/application/.htaccess
/system/.htaccess
should both contain only
Code:
Deny from all
Reply
  • Offline sackbut
    Junior Member
  • **
  • Posts: 16
    Threads: 5
    Joined: Mar 2015
    Reputation: 0
#4
04-01-2015, 09:04 AM

(04-01-2015, 06:48 AM)CroNiX Wrote: Strange. I just checked the htaccess in /application and it's in an IfModule block, so it shouldn't have mattered whether it was installed or not.

You won't lose anything by not having the file. Instead, your htaccess in the /application and /system dirs (both) should just be "Deny from all". This just prevents web access to those dirs, which is a security measure. It won't affect your app, but prevent people from going to urls like http://yoursite.com/application/models/some_model.php and being able to execute things they shouldn't have access to via their web browser.

So these 2 files
/application/.htaccess
/system/.htaccess
should both contain only

Code:
Deny from all
Reply
  • Offline sackbut
    Junior Member
  • **
  • Posts: 16
    Threads: 5
    Joined: Mar 2015
    Reputation: 0
#5
04-01-2015, 09:07 AM

Thanks Guys for that. Helpful. It is strange - as you say it is in a conditional so should not matter. But it definately blows things up.
KT
Reply




Theme © iAndrew 2016 - Forum software by © MyBB