Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
ownCloud 9.0.3 : The .htaccess file is not working! ?? #25416
Steps to reproduce
A few days ago i upgraded to the latest version of owncloud ( ownCloud 9.0.3 (stable) ).
I did not expect to have any security problem, because before i upgrade everything works correctly.
Operating system: Ubuntu Server 16.04 LTS
Web server: Apache/2.4.18 ( Ubuntu )
Database: Mysql Ver 14.14 Distrib 5.7.12
PHP version: 7.0.4-7ubuntu2.1
ownCloud version: ownCloud 9.0.3 (stable)
Updated from an older ownCloud or fresh install: I upgraded from the previous version
List of activated apps:
The content of config/config.php:
What could be wrong? ( whereas before everything was fine )
Thank you very much.
I had the same problem. I uploaded another .htaccess from and older installation. The error was gone then. It looks like this:
I think it would be helpful if you could post your .htaccess as well.
At all: Since I used an older .htaccess, is it still ok or has something changed?
I saw your answers from the first moment but excuse me, now i manage to answer.
So first of all to clarify the following : I am really vulnerable or not?
@dergilb99 I tried your solution and so i added to my .htaccess file, these lines :
( Because the version of my apache is : Apache/2.4.18 ( Ubuntu ) )
But with this setting, i did not have access anywhere on the site.
So in the end i left it the file as it was. ( By the way, this is the .htaccess file i have. )
@RealRancor When it will be available this update ( 9.0.4 ) ?
Thank you and sorry for the delayed reply ( and my bad english )! :)
I have a similar .htaccess, but in the owncloud directory. I meant the one in the data directory (owncloud/data, in your case). I guess you edited the owncloud .htaccess file.
owncloud: the long .htaccess file
@RealRancor: I did not make the modifications you mentioned, just uploaded the old .htaccess. Message is gone, too.
So, where is the problem? : /
I have the same problem after updating my cloud to 9.0.3. I didn't change anything on .htaccess (/owncloud or /data), everything original :-) The funny thing is this is not only a warring throw out by a check-script and is not related to #25331 .
I can bypass my .htaccess and access all my files... this is the biggest problem. I run CentOS 7 and updated Owncloud using repositories.
Note: Before the upgrade, I didn't had this security breach.
I added the below lines to my vhost config, but this is not a fix.
Your vhost config should match what is in the docs: https://doc.owncloud.org/server/9.0/admin_manual/installation/source_installation.html#apache-web-server-configuration