4.1.14.3 update and Protect Writeable Folders From Dangerous

[P15-D24]

Where is this managed in the admin center? I don't see an option for it under System -> Security.

[Mark H]

If the option does not appear, then you have already enabled it.

In that case you'd need to edit the .htaccess file in your ./uploads/ folder to apply the changes to the file manually.

[Mark H]

I'll paste the info here for those who need it. This is taken from the update notice in the ACP, prior to upgrade:

 

"If you have already enabled the security feature "Protect Writeable Folders From Dangerous Files", then you will need to manually update the .htaccess file which you can do simply by opening "uploads/.htaccess" in a text editor and replacing its contents with:"

#<ipb-protection>
<Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml|([a-z0-9]{32}))$">
    Order allow,deny
    Deny from all
</Files>
#</ipb-protection>

 

[P15-D24]

Hmm, not seeing an .htaccess in  /p15d24ph_forum/uploads/logs/   Only one I see is in the actual forum directory and it doesn't have any #<ip-protection> entries. 

[P15-D24]

Mark, is the ip protection code snippet the only entry in the uploads/logs .htaccess file? 

[RevengeFNF]

Im using this with nginx:

    location ~ ^/uploads/.*\.(?:php\d*|phtml)$ {
      deny    all;
        }

@Mark H should i change it to?

    location ~ ^/uploads/.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml|([a-z0-9]{32}))$ {
      deny    all;
        }

 

[Rhett]

Yes just add the new extensions 

for above you, htaccess in /uploads/ applies to folders under /uploads also

[Mark H]

1 hour ago, P15-D24 said:

Hmm, not seeing an .htaccess in  /p15d24ph_forum/uploads/logs/   Only one I see is in the actual forum directory and it doesn't have any #<ip-protection> entries. 

I made a typo in my post, which I corrected. The correct path is simply ./uploads/

[Gabriel Torres]

@Mark H Can I safely use the rules @RevengeFNF posted above for nginx? Or does it need any adjustment? Many thanks, as we also use ngninx here.

[Mark H]

I don't use nginx so I don't know, unfortunately. I'll let someone else answer that.

 

[riko]

I updated manually. Can that annoying red block that tells me to upgrade, (which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side?

[SaltyBart]

55 minutes ago, riko said:

I updated manually. Can that annoying red block that tells me to upgrade, (which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side?

If you have updated to the last version, the red block isn't there.

Which version are you on ? 

[Admin Audinside]

Hi guys, i have the same problem (from Italy http://audinside.it)

1 hour ago, R-023 said:

which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side?

is possible have the istructions for resolve this problem?

Thanks

Giuseppe

[opentype]

What problem? Wait until tomorrow and then do the ACP upgrade. You can’t stand the upgrade warning for a day?

[SaltyBart]

17 minutes ago, josdoss said:

which is impossible at the moment as you guys are doing maintenance at your end) please be made dismissible on the forum side?

Quote are not my words.

 

But hiding the red block, it is not possible by system default.

You have to edit / add something manual but this is not supported by ips. 

Also what this is, is not allowed to discuss this here on ips. 

 

If you guys have a little patience, the maintenance from the client area is almost ready regarding the time schedule, after that you can update normally and all your problems disappear!!  

[Admin Audinside]

@opentype

of course is possible for me waiting; don't have urgency, it was just to understand

@R-023

Thanks for your reply 

OK I'll wait

[bassangler]

Quote

Protect Writeable Folders From Dangerous Files

Where in the admin CP would I find this setting?

[opentype]

System → Security

[Kenneth Baker]

hello

newbie question 

if i updated the .htaccess manually then i dont have to run this upgrade at all ?

cause i ran the upgrade, it says it downloaded the files but when trying to continue the upgrade it says "file not found"