logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.


Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Force Apache2.4 to read .htaccess in parent directory
Author
spitzerspace



Joined: 24 Dec 2014
Posts: 7

PostPosted: Thu 31 Mar '22 3:39    Post subject: Force Apache2.4 to read .htaccess in parent directory Reply with quote

Is there a way to force apache to read the parent .htaccess before the current directory .htaccess? Even if I put "Require all denied" in the document root, apache will still allow access to child folders.

Config:
Code:
<Directory /var/www/>
   Options -Indexes
   AllowOverride All
</Directory>

<Directory /var/www/owncloud>
   AllowOverride FileInfo Indexes Options
</Directory>


Contents of /var/www/.htaccess
Code:
<RequireAll>
    Require all denied

</RequireAll>


Contents of /var/www/owncloud/.htaccess
Code:
<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header      unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"
    Header      unset X-XSS-Protection
    Header always set X-XSS-Protection "0"
    Header      unset X-Robots-Tag
    Header always set X-Robots-Tag "none"
    Header      unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"
    Header      unset X-Download-Options
    Header always set X-Download-Options "noopen"
    Header      unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"
    SetEnv modHeadersAvailable true
  </IfModule>

  # Let browsers cache CSS, JS files for half a year
  <FilesMatch "\.(css|js)$">
    Header      unset Cache-Control
    Header always set Cache-Control "max-age=15778463"
  </FilesMatch>
 
  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff$">
    Header      unset Cache-Control
    Header always set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

<IfModule mod_php5.c>
    php_value always_populate_raw_post_data -1
    php_value upload_max_filesize 513M
    php_value post_max_size 513M
    php_value memory_limit 512M
    php_value mbstring.func_overload 0
    php_value default_charset 'UTF-8'
    php_value output_buffering 0
    <IfModule mod_env.c>
      SetEnv htaccessWorking true
    </IfModule>
</IfModule>

<IfModule mod_php7.c>
    php_value upload_max_filesize 513M
    php_value post_max_size 513M
    php_value memory_limit 512M
    php_value mbstring.func_overload 0
    php_value default_charset 'UTF-8'
    php_value output_buffering 0
    <IfModule mod_env.c>
      SetEnv htaccessWorking true
    </IfModule>
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates|changelog)/.* - [R=404,L]
  RewriteRule ^core/signature\.json - [R=404,L]
  RewriteRule ^(?:core/skeleton)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>
Back to top
tangent



Joined: 16 Aug 2020
Posts: 213
Location: UK

PostPosted: Thu 31 Mar '22 18:09    Post subject: Reply with quote

What release of Apache are you using? I cannot reproduce the problem you describe with Apache 2.4.53 and your configuration settings.

Indeed, without "Require All Granted" defined for the top level directory, I cannot access any content in sub-directories, which is why it's present in the default configuration.

If you read this section of the documentation (https://httpd.apache.org/docs/current/howto/htaccess.html#when), it confirms Apache does read and process htaccess files from all parent directories before the current directory (AllowOverride permitting).
Back to top


Reply to topic   Topic: Force Apache2.4 to read .htaccess in parent directory View previous topic :: View next topic
Post new topic   Forum Index -> Apache