Security - unable to apply .htaccess protection

[paulcallender@talk21.com]

Hello

I have just installed v4.0.11 in a test area. The underlying storage area on the (Linux) server is /public_html/testarea123/ which serves www.canalworld.net/testarea123/ The permissions on the testarea123 folder are 0755.

I went into AdminCP --> System --> Overview --> Security --> Protect Writeable Folders From Dangerous Files pressed Enable but the following error comes up:

Sorry, you do not have permission for that!

2C258/1 There was an error writing the htaccess file. Create a .htaccess file in the directory with the content below

 

Now I KNOW that I could simply copy the relevant code and place it into the relevant directory but.....why does the Security Center offer to apply it, but then not be able to? Its a bit of an oxymoron if its trying to protect the relevant areas which it thinks needs protecting, but are in fact unwriteable by itself! Also, on the previous version (v3.4.8) we used .htaccess and .htpasswd protection on the /admin directory - when I try to enable this myself, it disallows users from accessing the normal forum area (of the test site, ie not the admin area of the test site) because it shows an http access login box, which of course only a handful of people (the admins) know the login details for. Is this method of further protecting the admin area now no longer possible in v4?

I am faced with manually having to create and place an .htaccess file into the relevant directories. During the install all directories were copied over and gained 0755 permissions in the file copy stage, then running upgrade.php I was prompted to change permissions (to 0777) on some of the ones which needed to be writeable. I've included a screenshot, the green highlighted shows the directories with 0777 permissions. .htaccess has not been written ANYWHERE on the test area.

 

[Carlos S.]

Hello,

I had that same problem with my IPB4 you should just make a file called httaccess with that code that they gave you that's what I did

[paulcallender@talk21.com]

Hello,

I had that same problem with my IPB4 you should just make a file called httaccess with that code that they gave you that's what I did

Yes, that's what I'm going to do.....did you try protecting the admin directory with http authentication  (I know there's security issues with it in itself) as is recommended in version 3?

------------------------(Below added later but the forum software appends onto the previous post......grrrrrr...)

Also, did you put an .htaccess file into the 1st level of subdirectories with 0777 permissions, or further levels of directories? I estimate there's around 1000 to do - which is why I'm keen on it being automated by the AdminCP, as it should be. (The large number is due to the site being around for a long time, so lots of uploads and gallery albums for lots of users etc)

I put an .htaccess file into the 1st level of directories with 0777, reran the Security Center page and it still comes up as a recommendation.