Mailing List Archive

On Sun, Jul 19, 2020 at 6:58 AM Joel Miller <jm-hotmail@hotmail.com> wrote:
>
> Can one without server root access delete a previously uploaded
> .htaccess file? The server can be accessed from the command line (e.g.,
> ftp.[url] and permissions) but the file listing contains .htaccess_bak,
> not the .htaccess file.

If the directory is writable by the user, yes.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <jm-hotmail@hotmail.com> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file? The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Thank you. I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?


Joel

973 736 8306

________________________________
From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no? ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
Require all denied
</FilesMatch>

And that?s prob why you can?t see it but CAN see the backup?

"What?s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <jm-hotmail@hotmail.com> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file? The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Just to clarify, the remote "client" is the owner of the URL and has full access for purposes of uploading the html, css, etc. files to the server, as well as .htaccess files. At least one website states this can be done from the command line, but I'm not certain that's correct. See http://www.activewebhosting.com/faq/cgi-htaccess-change.html

Does the .htaccess file physically remain in the directory where it was initially loaded? Or, does the server remove, transfer, or otherwise dispose of the file?


Joel

973 736 8306

________________________________
From: Joel <jm-hotmail@hotmail.com>
Sent: Sunday, July 19, 2020 7:32 AM
To: users@httpd.apache.org <users@httpd.apache.org>
Subject: Re: [users@httpd] client removal of .htaccess file

Thank you. I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?


Joel

973 736 8306

________________________________
From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no? ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
Require all denied
</FilesMatch>

And that?s prob why you can?t see it but CAN see the backup?

"What?s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <jm-hotmail@hotmail.com> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file? The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

On Sunday 19 July 2020 at 13:48:22, Joel wrote:

> Just to clarify, the remote "client" is the owner of the URL and has full
> access for purposes of uploading the html, css, etc. files to the server,
> as well as .htaccess files. At least one website states this can be done
> from the command line, but I'm not certain that's correct. See
> http://www.activewebhosting.com/faq/cgi-htaccess-change.html

a) Is Active Web Hosting the provider you are dealing with?

b) Have you tried following the instructions on that page to delete the file?

> Does the .htaccess file physically remain in the directory where it was
> initially loaded? Or, does the server remove, transfer, or otherwise
> dispose of the file?

Apache does not, but I think your question is best directed at your hosting
provider.


Antony.

--
"Can you keep a secret?"
"Well, I shouldn't really tell you this, but... no."


Please reply to the list;
please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Antony -

Thank you.

I have not tried the procedure on Active Web page. I want to know the options before uploading an htaccess file to a subdomain directory; I already have an .htaccess file loaded on the url "home" directory (i.e., www.xxx.com).

The hosting provider is StableHost, which deploys LiteSpeed, a commercial variant of Apache. I will post these queries on the LiteSpeed forum; thank you for the suggestion.


Joel

973 736 8306

________________________________
From: Antony Stone <Antony.Stone@apache.open.source.it>
Sent: Sunday, July 19, 2020 7:53 AM
To: users@httpd.apache.org <users@httpd.apache.org>
Subject: Re: [users@httpd] client removal of .htaccess file

On Sunday 19 July 2020 at 13:48:22, Joel wrote:

> Just to clarify, the remote "client" is the owner of the URL and has full
> access for purposes of uploading the html, css, etc. files to the server,
> as well as .htaccess files. At least one website states this can be done
> from the command line, but I'm not certain that's correct. See
> http://www.activewebhosting.com/faq/cgi-htaccess-change.html

a) Is Active Web Hosting the provider you are dealing with?

b) Have you tried following the instructions on that page to delete the file?

> Does the .htaccess file physically remain in the directory where it was
> initially loaded? Or, does the server remove, transfer, or otherwise
> dispose of the file?

Apache does not, but I think your question is best directed at your hosting
provider.


Antony.

--
"Can you keep a secret?"
"Well, I shouldn't really tell you this, but... no."


Please reply to the list;
please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On 19 Jul 2020, at 05:48, Joel <jm-hotmail@hotmail.com> wrote:
> Does the .htaccess file physically remain in the directory where it was initially loaded? Or, does the server remove, transfer, or otherwise dispose of the file?

Impossible for anyone else to answer this who is not in charge of the server.

Just as an example, one on server I had to deal with, the user could overwrite or delete .htaccess, but the system replaced it with the system-defined one any time the user did this.

In short, the host can do anything they want.




--
Forgive your enemies, but remember their names.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Thank you. I have posted a query on the LiteSpeed forum and will also ask StableHost directly.

Thank you all for your very prompt and helpful responses.


Joel

973 736 8306

________________________________
From: @lbutlr <kremels@kreme.com>
Sent: Sunday, July 19, 2020 8:44 AM
To: users@httpd.apache.org <users@httpd.apache.org>
Subject: Re: [users@httpd] client removal of .htaccess file

On 19 Jul 2020, at 05:48, Joel <jm-hotmail@hotmail.com> wrote:
> Does the .htaccess file physically remain in the directory where it was initially loaded? Or, does the server remove, transfer, or otherwise dispose of the file?

Impossible for anyone else to answer this who is not in charge of the server.

Just as an example, one on server I had to deal with, the user could overwrite or delete .htaccess, but the system replaced it with the system-defined one any time the user did this.

In short, the host can do anything they want.




--
Forgive your enemies, but remember their names.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Most '.htaccess' files ARE provided by host developers so that users have some security control over their site (being able to choose who or what to block is one case in hand) WITH 'write' access. Most sysadmins with access to root privileges don’t actually use them and format the directives directly by a 'directory by directory' configuration in apache config file (usually httpd.conf). So the usual use of them is for any user WITHOUT root access to the server and config files, so it’s a little out of the ordinary that you don’t have write or read access.
I wouldn’t recommend not having a basic '.htaccess' or having a dummy file, if you don’t have root access.

"Just because you’re paranoid doesn’t mean they are not all out to get you…"

> On 19 Jul 2020, at 12:32, Joel <jm-hotmail@hotmail.com> wrote:
>
> Thank you. I gather I will need to ask the server hosting entity (who has root access) to remove the file.
>
> Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?
>
> Joel
> 973 736 8306
>
> From: angel Hall-Coulston
> Sent: Sunday, July 19, 2020 7:18 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] client removal of .htaccess file
>
> Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:
>
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
> Require all denied
> </FilesMatch>
>
> And that’s prob why you can’t see it but CAN see the backup…
>
> "What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"
>
> > On 19 Jul 2020, at 11:57, Joel Miller <jm-hotmail@hotmail.com> wrote:
> >
> > Can one without server root access delete a previously uploaded .htaccess file? The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >

Thanks. I am guessing that I do have read/write access because I upload and remove the all of the files on the site, including .htaccess on the main branch. Further, after logging in via the command line, I was able to navigate anywhere I could otherwise go in the file manager in cPanel. Being on a shared server, I thus don't have root access or access to httpd.conf.

Since it's my site, I am the one who configured and uploaded the initial .htaccess file (after studying the Apache documentation for some time). The file includes a few redirects, 400/403/404 errors, etc. Since I rarely deal with this file, I am now relearning and further delving into the .htaccess configuration options for a subdomain that I'm building and wish to behave differently than the main site.

Thank you again for your time and assistance.


Joel

973 736 8306

________________________________
From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 3:12 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] client removal of .htaccess file

Most '.htaccess' files ARE provided by host developers so that users have some security control over their site (being able to choose who or what to block is one case in hand) WITH 'write' access. Most sysadmins with access to root privileges don?t actually use them and format the directives directly by a 'directory by directory' configuration in apache config file (usually httpd.conf). So the usual use of them is for any user WITHOUT root access to the server and config files, so it?s a little out of the ordinary that you don?t have write or read access.
I wouldn?t recommend not having a basic '.htaccess' or having a dummy file, if you don?t have root access.

"Just because you?re paranoid doesn?t mean they are not all out to get you?"

On 19 Jul 2020, at 12:32, Joel <jm-hotmail@hotmail.com<mailto:jm-hotmail@hotmail.com>> wrote:

Thank you. I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?

Joel
973 736 8306

________________________________
From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no? ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
Require all denied
</FilesMatch>

And that?s prob why you can?t see it but CAN see the backup?

"What?s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <jm-hotmail@hotmail.com<mailto:jm-hotmail@hotmail.com>> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file? The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<mailto:users-unsubscribe@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org<mailto:users-help@httpd.apache.org>
>