Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
P15-D24 Posted September 7, 2016 Posted September 7, 2016 Where is this managed in the admin center? I don't see an option for it under System -> Security.
Mark H Posted September 7, 2016 Posted September 7, 2016 If the option does not appear, then you have already enabled it. In that case you'd need to edit the .htaccess file in your ./uploads/ folder to apply the changes to the file manually.
Mark H Posted September 7, 2016 Posted September 7, 2016 I'll paste the info here for those who need it. This is taken from the update notice in the ACP, prior to upgrade: "If you have already enabled the security feature "Protect Writeable Folders From Dangerous Files", then you will need to manually update the .htaccess file which you can do simply by opening "uploads/.htaccess" in a text editor and replacing its contents with:" #<ipb-protection> <Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml|([a-z0-9]{32}))$"> Order allow,deny Deny from all </Files> #</ipb-protection>
P15-D24 Posted September 7, 2016 Author Posted September 7, 2016 Hmm, not seeing an .htaccess in /p15d24ph_forum/uploads/logs/ Only one I see is in the actual forum directory and it doesn't have any #<ip-protection> entries.
P15-D24 Posted September 7, 2016 Author Posted September 7, 2016 Mark, is the ip protection code snippet the only entry in the uploads/logs .htaccess file?
RevengeFNF Posted September 7, 2016 Posted September 7, 2016 Im using this with nginx: location ~ ^/uploads/.*\.(?:php\d*|phtml)$ { deny all; } @Mark H should i change it to? location ~ ^/uploads/.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml|([a-z0-9]{32}))$ { deny all; }
Rhett Posted September 7, 2016 Posted September 7, 2016 Yes just add the new extensions for above you, htaccess in /uploads/ applies to folders under /uploads also
Mark H Posted September 7, 2016 Posted September 7, 2016 1 hour ago, P15-D24 said: Hmm, not seeing an .htaccess in /p15d24ph_forum/uploads/logs/ Only one I see is in the actual forum directory and it doesn't have any #<ip-protection> entries. I made a typo in my post, which I corrected. The correct path is simply ./uploads/
Gabriel Torres Posted September 7, 2016 Posted September 7, 2016 @Mark H Can I safely use the rules @RevengeFNF posted above for nginx? Or does it need any adjustment? Many thanks, as we also use ngninx here.
Mark H Posted September 7, 2016 Posted September 7, 2016 I don't use nginx so I don't know, unfortunately. I'll let someone else answer that.
riko Posted September 7, 2016 Posted September 7, 2016 I updated manually. Can that annoying red block that tells me to upgrade, (which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side?
SaltyBart Posted September 7, 2016 Posted September 7, 2016 55 minutes ago, riko said: I updated manually. Can that annoying red block that tells me to upgrade, (which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side? If you have updated to the last version, the red block isn't there. Which version are you on ?
Admin Audinside Posted September 7, 2016 Posted September 7, 2016 Hi guys, i have the same problem (from Italy http://audinside.it) 1 hour ago, R-023 said: which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side? is possible have the istructions for resolve this problem? Thanks Giuseppe
opentype Posted September 7, 2016 Posted September 7, 2016 What problem? Wait until tomorrow and then do the ACP upgrade. You can’t stand the upgrade warning for a day?
SaltyBart Posted September 7, 2016 Posted September 7, 2016 17 minutes ago, josdoss said: which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side? Quote are not my words. But hiding the red block, it is not possible by system default. You have to edit / add something manual but this is not supported by ips. Also what this is, is not allowed to discuss this here on ips. If you guys have a little patience, the maintenance from the client area is almost ready regarding the time schedule, after that you can update normally and all your problems disappear!!
Admin Audinside Posted September 7, 2016 Posted September 7, 2016 @opentype of course is possible for me waiting; don't have urgency, it was just to understand @R-023 Thanks for your reply OK I'll wait
bassangler Posted September 9, 2016 Posted September 9, 2016 Quote Protect Writeable Folders From Dangerous Files Where in the admin CP would I find this setting?
Kenneth Baker Posted September 9, 2016 Posted September 9, 2016 hello newbie question if i updated the .htaccess manually then i dont have to run this upgrade at all ? cause i ran the upgrade, it says it downloaded the files but when trying to continue the upgrade it says "file not found"
Recommended Posts
Archived
This topic is now archived and is closed to further replies.