k4lch wrote:Revoredo
Godaddy recently upgraded php to php5.25 uncomment Options +FollowSymLinks if you removed the + added it back now.
un comment #Rewritebase /
Fiona
try reloading the admin directory to server us binary mode only
***
Thanks, Fiona. This is very interesting, as it is new information from what I've read.
I'm in the midst of waiting for a cache update now, so I will respond with news once I've implemented your suggestion. However, let me get this straight:
I am reverting to the original .htaccess file created from the renamed, original htaccess.txt
This file will retain the "+" in the "Options +FollowSymLinks" line. Also, I will uncomment "#Rewritebase /" by removing the "#" from the head of the line. The remainder of the code will be original (included below for your reference). I don't see it being a problem since I'm not currently using a third party.
So I take it everything I described was familiar to you? I called GoDaddy a few times but didn't get this suggestion. Then again, they're not liable for supporting user code. I'm not discouraged yet from continuing to use them... but this does give me pause. One last thing... since I am a noob, how do I reload the admin to server us binary mode only?
Thanks again!
EXISTING HTACCESS CODE:
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
#
# mod_rewrite in use
RewriteEngine On
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla!/MamboDirectory (just / for root)
RewriteBase /
########## Begin - Joomla! core SEF Section
############# Use this section if using ONLY Joomla! core SEF
## ALL (RewriteCond) lines in this section are only required if you actually
## have directories named 'content' or 'component' on your server
## If you do not have directories with these names, comment them out.
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
RewriteRule ^(content/|component/) index.php
#
########## End - Joomla! core SEF Section
########## Begin - 3rd Party SEF Section
############# Use this section if you are using a 3rd party (Non Joomla! core) SEF extension - e.g. OpenSEF, 404_SEF, 404SEFx, SEF Advance, etc
#
#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
#RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule (.*) index.php
#
########## End - 3rd Party SEF Section
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits