Support Forum

  • Page:
  • 1

improved .htaccess and zengridframework J2.5+

zentoolsIf you use Zentools please post a review at the Joomla! Extensions Directory.

Hi guys,

I downloaded the .htaccess file found here

magazine.joomla.org/issues/Issue-June-2012/item/787-htaccess-File-That-FREAKIN-Works

and have been playing around with it. I have found that line #195 breaks the site if you are using zengridframework 2+ and have caching enabled for css and js:

RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F]

I KNOW NOTHING ABOUT THIS so I fumbled with some code to add around line #377 but I can't get it to allow access to cache/zengridframework - I tried this:

##JoomlaBamboo Zengridframework will not display css or js styles correctly if the cache folder access is blocked
RewriteRule ^cache\/zengridframework/ - [L]

but that didn't do it.

I did add this after line #363 just in case I needed it and I don't think it broke anything:

### Allow zengridframework to run
RewriteRule ^plugins/system/zengridframework\.php$ - [L]

But I did have to comment out the following within lines #397-403

## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed
#RewriteCond %{REQUEST_FILENAME} \.php$
#RewriteCond %{REQUEST_FILENAME} !/index[23]?\.php$
## The next line is to explicitly allow the forum post assistant(fpa-xx)script to run
#RewriteCond %{REQUEST_FILENAME} !/fpa-[a-z]{2}\.php
#RewriteCond %{REQUEST_FILENAME} -f
#RewriteRule ^([^/]+/)*([^/.]+\.)+php$ - [F]

What's you take on this?
Helen
  • Helen Nunley's Avatar
  • Helen Nunley
  • LIfetime Developer - Big Bamboo
  • 1024 posts
  • 3 Thanks
  • Karma: 7
Last Edit: 7 years 7 months ago by Helen Nunley. Reason: corrected line numbers
The administrator has disabled public write access.
Hi Helen,

I think this might be the case with any compression. Do you get the same htaccess issues with other compressors like Rokbooster etc?

Thanks
  • Anthony Olsen's Avatar
  • Anthony Olsen
  • LIfetime Developer - Big Bamboo
  • 23925 posts
  • 788 Thanks
  • Karma: 433
The administrator has disabled public write access.
Hi Anthony,

Would you recommend to use RokBooster with your Zen Grid Framework?

Regards,
Joseph
Anthony Olsen wrote:
Hi Helen,

I think this might be the case with any compression. Do you get the same htaccess issues with other compressors like Rokbooster etc?

Thanks
  • Joseph M's Avatar
  • Joseph M
  • 12 Month basic
  • 193 posts
  • Karma: 0
The administrator has disabled public write access.
Hi Anthony,

I don't want to add a different compression element in here other than yours. ;) I like remaining zen B) So I am trying to allow access to that cache file thinking that it might work if I can get the code right. But since there is more than one line that influences things, I am trying to do this one line or batch at a time and the first time it threw the template was at line #195 since the compressed files are stored in the cache. If I remove just the cache part from line #195 then it displays the template correctly.

Helen
  • Helen Nunley's Avatar
  • Helen Nunley
  • LIfetime Developer - Big Bamboo
  • 1024 posts
  • 3 Thanks
  • Karma: 7
The administrator has disabled public write access.
This is a bit strange because the .htaccess file manages external requests for resources rather than internal ones.
It might be happening if the full url for the cache file is used rather than a relative one.

You could try whitelisting your own domain by adding this line after the one that is breaking the site:
# allow linking from the following site
RewriteCond %{HTTP_REFERER} !^http://(www\.)?goodsite\.com/.*$ [NC]
  • Robert Went's Avatar
  • Robert Went
  • Moderator
  • 2210 posts
  • 196 Thanks
  • Karma: 90
The administrator has disabled public write access.
Hi robwent,

If I whitelist my own domain, is that like allowing my entire cache file? I don't want to do that.

Helen
  • Helen Nunley's Avatar
  • Helen Nunley
  • LIfetime Developer - Big Bamboo
  • 1024 posts
  • 3 Thanks
  • Karma: 7
The administrator has disabled public write access.
It means that your own domain will have access to the file but it can't be accessed directly by any other sites or ip addresses.

It may not work though as there are a lot of rules in that file.
  • Robert Went's Avatar
  • Robert Went
  • Moderator
  • 2210 posts
  • 196 Thanks
  • Karma: 90
The administrator has disabled public write access.
Interesting. I will work on this some more. Thanks.

Any other suggestions are welcome!
  • Helen Nunley's Avatar
  • Helen Nunley
  • LIfetime Developer - Big Bamboo
  • 1024 posts
  • 3 Thanks
  • Karma: 7
Last Edit: 7 years 7 months ago by Helen Nunley.
The administrator has disabled public write access.
You could just allow the framework cache folder. Ive done that before and it works fine.

Htaccess is a dark art to me though :P

@exoduser Ive used it before with some templates and it works fine. You just need to disable our own caching and compressing. The benefit of a plugin like that is that all css and js are combined into separate files whereas the framework compression only handles the core framework files.

Hope that helps.
  • Anthony Olsen's Avatar
  • Anthony Olsen
  • LIfetime Developer - Big Bamboo
  • 23925 posts
  • 788 Thanks
  • Karma: 433
The administrator has disabled public write access.
forgot to follow up...

I did this and it works:

########## End - Advanced server protection - query strings, referrer and config
## Disallow front-end access for certain Joomla! system directories
RewriteRule ^includes/js/ - [L]
RewriteRule ^cache/zengridframework/ - [L]
RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F]

Evidently, the same line I tried previously just had to occur further up the list. :)
  • Helen Nunley's Avatar
  • Helen Nunley
  • LIfetime Developer - Big Bamboo
  • 1024 posts
  • 3 Thanks
  • Karma: 7
The administrator has disabled public write access.

zentoolsIf you use Zentools please post a review at the Joomla! Extensions Directory.

Happy Campers