Allow upload of htaccess files?

Hey,

I’m not sure it’s a good idea. I sometimes program websites that also contain .htaccess files.
I would like to transfer these files to my server, but so far this is disabled by oC itself for security reasons.

The data directory is not in the web root directory, but was created with

<Directory /media/owncloud/data>
    Options Indexes FollowSymLinks
    AllowOverride ALL
    Require all granted
</Directory>

in /etc/apache2/apache2.conf to the web server.

As far as I know, there is no danger if I allow the .htaccess upload in the config, or am I missing something here?

Hi,

After reading up on the official .htaccess file documentation, I think whenever you upload a .htaccess to your ownCloud with your current Directory configuration, the configuration inside the .htaccess file would be applied in that directory, which I think could be problematic, but that obviously depends on the type of directives you set in there.

Not sure at the moment if it is possible to change it to AllowOverride None for the data Directory, but I think it should be by applying the configuration in data/.htaccess directly in the apache configuration (but I haven’t tested this).

Otherwise, a quick workaround could be to only upload zipped (or tarred) websites; some file managers have a pretty seamless integration of these files. But I also understand that this could be problematic for your workflow.

Personally I would count websites as code and not data and therefore use a tool that is designed for handling that, for example git.

Cheers,
Erik

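A check for the situation discussed in this thread, as an added example that is not part of either post or of ownCloud: a small Python audit that flags `<Directory>` blocks in which uploaded .htaccess files would be honoured. The finding labels and the second sample block are constructed for illustration, and `AllowOverrideList` is not handled.

```python
import re

# Constructed sample: the first block is the one quoted in the question,
# the second is a hypothetical locked-down block for comparison.
SAMPLE_CONF = """\
<Directory /media/owncloud/data>
    Options Indexes FollowSymLinks
    AllowOverride ALL
    Require all granted
</Directory>

<Directory /srv/example/locked>
    Options -Indexes
    AllowOverride None
    Require all denied
</Directory>
"""

BLOCK_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.I | re.S)

def audit_directory_blocks(conf_text):
    """Return {path: [findings]} for every <Directory> block in conf_text."""
    report = {}
    for path, body in BLOCK_RE.findall(conf_text):
        seen = {}  # directive name -> all arguments, lowercased
        for raw in body.splitlines():
            parts = raw.split()
            if not parts or parts[0].startswith(("#", "<")):
                continue  # skip blanks, comments and nested section tags
            seen.setdefault(parts[0].lower(), []).extend(p.lower() for p in parts[1:])
        findings = []
        # Apache 2.4 defaults to AllowOverride None when the directive is absent.
        if set(seen.get("allowoverride", ["none"])) != {"none"}:
            findings.append("htaccess-honoured")
        if {"indexes", "+indexes", "all"} & set(seen.get("options", [])):
            findings.append("indexes-enabled")
        if "all granted" in " ".join(seen.get("require", [])):
            findings.append("open-access")
        report[path.strip()] = findings
    return report

if __name__ == "__main__":
    for directory, findings in audit_directory_blocks(SAMPLE_CONF).items():
        print(directory, "->", ", ".join(findings) or "no findings")
```
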