1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XenForo Permissions

Discussion in 'Server Configuration and Hosting' started by Charlie J, May 13, 2015.

  1. Charlie J

    Charlie J Active Member

    Hello,
    I am having issues on XenForo where I don't have permissions to go to places, I contacted my host and they said that I can do this myself by going to /etc/Apache

    Could anybody tell me what permissions I need to add for Xenforo as I also have sub folders in my Xenforo I don't want others to access.

    The following error occurred:
    Forbidden
    You don't have permission to access /library/XenForo/index.php on this server.

    Apache/2.2.15 (CentOS) Server at Myurl port 80
     
  2. Charlie J

    Charlie J Active Member

    Could anyone help me with the rules I have to use for Mod_Security and where I put them
     
  3. Tower

    Tower Active Member

    Code:
    #    Mod_security can interfere with uploading of content such as attachments. If you
    #    cannot attach files, remove the "#" from the lines below.
    #<IfModule mod_security.c>
    #    SecFilterEngine Off
    #    SecFilterScanPOST Off
    #</IfModule>
    
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 405 default
    ErrorDocument 406 default
    ErrorDocument 500 default
    ErrorDocument 501 default
    ErrorDocument 503 default
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        #    If you are having problems with the rewrite rules, remove the "#" from the
        #    line that begins "RewriteBase" below. You will also have to change the path
        #    of the rewrite to reflect the path to your XenForo installation.
        RewriteBase /
    
        #    This line may be needed to enable WebDAV editing with PHP as a CGI.
        #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
        RewriteRule ^.*$ index.php [NC,L]
    </IfModule>
    I use mod security on centos as well. This going in your main folder ".htaccess" basically the folder where admin.php is.
     
  4. Charlie J

    Charlie J Active Member

    This looks similar to my existing .htaccess file, however it says I don't have Permission, that has something todo with mod security

    EDIT: Dw it works :D
     
    Last edited: May 14, 2015
  5. Brogan

    Brogan XenForo Moderator Staff Member

    As has been communicated to you several times, if you don't know how to set up and configure a server, you shouldn't be with an unmanaged host.

    I would recommend switching back to a managed service or employing a sysadmin.
     
  6. Charlie J

    Charlie J Active Member

    Nah I prefer dedicated due to then I can learn this stuff along the way, the .htaccess file works :D how can I block a certain folder containing say sensitive data so only certain people can see it which would be me
     
  7. Tower

    Tower Active Member

    Its understandable Charlie, we all have to learn somehow. Anyways, in my internal_data folder i have this in the .htaccess

    Code:
    Order deny,allow
    Deny from all
     
    Charlie J likes this.
  8. Charlie J

    Charlie J Active Member

    I am using Linux Centos 6.6, could you tell me what that does and where it is located.
     
  9. Tower

    Tower Active Member

    I also use Linux Centos 6.6 which I have mentioned before, it doesnt really matter what linux version you are using, just the apache version. Anyways, read this http://httpd.apache.org/docs/2.2/howto/access.html
     
  10. Charlie J

    Charlie J Active Member

    EDIT: ignore this, thanks for the link, does this link with mod security?
     
  11. Tower

    Tower Active Member

    Mod Security is a firewall, these directives pertain to apache which are completely different.
     
  12. Charlie J

    Charlie J Active Member

    Oh ah gotcha, where do I put the data from the link u sent me?
    Eg
    Deny from all
    Do I make a file inside the directory I wish to block?
     
  13. Tower

    Tower Active Member

    You create a .htaccess file and put what you wish in it. You may have to create it as a .txt file but then when you upload it just rename it to ".htaccess"
     
  14. Charlie J

    Charlie J Active Member

    Can I do that per directory? Because remember I have one of those files in my root
     
  15. Tower

    Tower Active Member

    Yes
     
  16. Charlie J

    Charlie J Active Member

    Omg thanks so much, very appreciated :) I have learned this now for future reference.
     
    Tower likes this.

Share This Page