Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

htaccess contribution question

obcbeatle

By obcbeatle
in Security

Recommended Posts

obcbeatle

obcbeatle

Posted
Posted

Quick question. Can I use the htaccess contributions in my existing .htaccess file that lives in my ~public_html folder (the root directory for my entire web site, per my web hoster), as opposed to putting the contributions in an .htaccess file that lives in the folder I installed osC (my equivalent to the "catalog" directory). Bottom-line, it would be nice to have all code in just one .htaccess file for my entire web site, if that's possible, and best practice? Thanks!

Link to comment
Share on other sites
MrPhil

MrPhil

Posted
Posted

Well, you certainly need to understand what the commands in both .htaccess files are doing, and how they'll interact if you merge the two. Potentially, you could smash the two together and have just one .htaccess, but it may have undesirable effects on other pages of your site. If you have osC in its own directory tree, it might be easier to have its own .htaccess file, rather than going through the pain of trying to merge the two. On the flip side, your root .htaccess might be doing things that cause problems for osC, and whose own .htaccess may not be able to "back them out" (e.g., URL rewriting). If nothing else, you might have to modify your root .htaccess to not do certain things if control will be passed on to the store.

Link to comment
Share on other sites
obcbeatle

obcbeatle

Posted
  • Author
Posted

Well, you certainly need to understand what the commands in both .htaccess files are doing, and how they'll interact if you merge the two. Potentially, you could smash the two together and have just one .htaccess, but it may have undesirable effects on other pages of your site. If you have osC in its own directory tree, it might be easier to have its own .htaccess file, rather than going through the pain of trying to merge the two. On the flip side, your root .htaccess might be doing things that cause problems for osC, and whose own .htaccess may not be able to "back them out" (e.g., URL rewriting). If nothing else, you might have to modify your root .htaccess to not do certain things if control will be passed on to the store.

 

OK...I believe I will keep the .htaccess files separate as what you say makes sense as far as managing/trouble-shooting. There ARE a couple .htaccess commands in the contrib I need to better understand as (2) broke my site when testing. Thanks for the advice!

Link to comment
Share on other sites
mdtaylorlrim

♥mdtaylorlrim

Posted
Posted

.htaccess files are recursive and the last directive processed is the one that will be followed.

 

That is:


  •  
  • An .htaccess file in your ROOT directory affects your entire site.
  • An .htaccess file in your images folder does not affect your root or includes or admin, but does affect your images folder AND any sub folder and any sub sub folder, etc.
  • If you have a directive in the root .htaccess, and a conflicting directive in the /root/sub1/sub2/ folder, then the directive processed in the sub2 folder will be followed.
     
     

 

.htaccess files in specific directories for specific reasons.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites
obcbeatle

obcbeatle

Posted
  • Author
Posted

.htaccess files are recursive and the last directive processed is the one that will be followed.

 

That is:


  •  
  • An .htaccess file in your ROOT directory affects your entire site.
  • An .htaccess file in your images folder does not affect your root or includes or admin, but does affect your images folder AND any sub folder and any sub sub folder, etc.
  • If you have a directive in the root .htaccess, and a conflicting directive in the /root/sub1/sub2/ folder, then the directive processed in the sub2 folder will be followed.
     
     

 

.htaccess files in specific directories for specific reasons.

 

Thanks for the clarification. I did have one last question as I have successfully implemented all the security cotribs (as far as I can tell) except the XSS Shield. Step # 1) (add these lines to your .htaccess file), I've done.

 

<SNIP>

Step # 2) create an index_error.php file with whatever content you want to be displayed.

<SNIP>

 

The above, Step 2, I do not know what code to put into the index_error.php (anyone have an example?), plus I don't know where index_error.php is supposed to live other than probably the same dir where the .htaccess file lives that has the XSS Shield commands? Any help appreciated. Thanks!

 

I do not understand

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...