XF 1.1 .htaccess File Upload not working


Active member
If I remove URL Friendly totally, the uploading functionality will work again. If I add it back it will not. Its frustrating and I am using the one that comes with xenforo...

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
<IfModule mod_rewrite.c>
    RewriteEngine On
    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo
    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
I do not have mod security enabled and I still get problems. the $_FILES is always empty. Even on Avatars and Attachments.

Why is this happening? I am using Linux Ubuntu 10.04.3 LTS


XenForo developer
Staff member
If $_FILES is empty, then the uploads aren't even being passed to PHP. Sounds like an issue at the web server level.


Active member
No Mike thats not the problem I have tested this and fought with it for over 6 hours. The problem has to do with the Rewrite for URL Friendly. I even did a test script to see if it would even spit out anything (thats with the url rewrite)... I am not sure what is wrong... or why it did that...


Active member
Oh maybe that is what is the problem the flash loader. It works then it doesn't... What you mean by the directory login?

Also, I was not using the flash loader when I was testing with the .htaccess problem. I was using traditional input type="file" etc.


Active member
Okay that makes sense, now how would I allow suppose for example 'root' user account to that authorization list without having to prompt it? As in like to allow the server to bypass the auth?