MyBB Community Forums

Full Version: 1.8.8 htaccess /admin/backups block not in htaccess.txt
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
It seems this slipped (?), since in the htaccess-nginx.txt i can see these 2 new blocks:
# Note: You are able to choose a different name in the Admin CP. If you've done that you need to change it here too
location ~ /error.log 
{ 
    deny all; 
}

# Note: You are able to rename the admin directory. If you've done that, you need to change it here too
location /admin/backups {
    deny all;
}

While in the htaccess.txt I can only see:
# Note: You are able to choose a different name in the Admin CP. If you've done that you need to change it here too
<Files "error.log">
    Order Deny,Allow
    Deny from all
</Files>
If you want to block that directory, it's easier to just put another .htaccess in there.

There's a reason the backup files have random filenames. It should not be possible to download any.

Unless you're fool enough to enable directory indexes.
I mean it looks like it's blocked in the nginx htaccess file but not in the apache htaccess file in the 1.8.8 release txt files. Shouldn't it be blocked in both?
It's there. admin/backups/.htaccess
Oh sorry now I get it. Thanks Smile
(2016-11-04, 10:36 AM)frostschutz Wrote: [ -> ]It should not be possible to download any.

Unless you're fool enough to enable directory indexes.

There's another way because Windows is stupid.
Rejecting this then