IRC log of #dokuwiki @ irc.freenode.net

For Monday, 24 February 2020

  1. quit
    chomwitt (~chomwitt@2a02:587:dc33:e400:90dc:9c58:ac86:8536) has quit (Ping timeout: 240 seconds)
  2. quit
    albinou (~albinou@2a01cb00053f05200000000000000107.ipv6.abo.wanadoo.fr) has quit (Ping timeout: 240 seconds)
  3. join
    baker (~baker0052@p5B34FC4C.dip0.t-ipconnect.de) has entered the channel
  4. quit
    baker0052 (~baker0052@p5B34FC4C.dip0.t-ipconnect.de) has quit (Ping timeout: 258 seconds)
  5. quit
    harish (~harish@27.125.147.104) has quit (Ping timeout: 272 seconds)
  6. message at
    #dokuwiki
    Unfortunately I have to leave you now. So don't do anything silly while I'm not here.
  7. message at
    #dokuwiki
    Unfortunately I have to leave you now. So don't do anything silly while I'm not here.
  8. join
    dokubot (~irclog@piggy.dokuwiki.org) has entered the channel
  9. quit
    Emmanuel_Chanel (~Emmanuel_@ZN023092.ppp.dion.ne.jp) has quit (Quit: Leaving)
  10. join
    Emmanuel_Chanel (~Emmanuel_@ZN023092.ppp.dion.ne.jp) has entered the channel
  11. quit
    trebmuh (~Olivier@2a01:cb11:416:ed00:4663:d0e6:1f2c:97ce) has quit (Quit: Parti)
  12. part
    kingsley (~kingsley@97-113-170-144.tukw.qwest.net) has left the channel (#dokuwiki) with message '"Leaving"'
  13. join
    chomwitt (~chomwitt@2a02:587:dc33:e400:90dc:9c58:ac86:8536) has entered the channel
  14. join
    louigi (~louigi@80.82.202.196) has entered the channel
  15. quit
    chomwitt (~chomwitt@2a02:587:dc33:e400:90dc:9c58:ac86:8536) has quit (Ping timeout: 272 seconds)
  16. message at
    louigi
    Folks, hi!
  17. message at
    louigi
    I have a question about security
  18. message at
    #dokuwiki
    louigi, just ask your question and stay in the channel for a while.
  19. message at
    louigi
    My dokuwiki tells me my setup is not secure. I suspect because my apache is not using htaccess. The security page on the wiki says that one can do it manually. is there a way to secure the folders without fiddling with htaccess?
  20. message at
    louigi
    Both the hosting provider and apache website itself actually argues against using it due to performance concerns
  21. join
    chomwitt (~chomwitt@2a02:587:dc41:a900:90dc:9c58:ac86:8536) has entered the channel
  22. quit
    baker (~baker0052@p5B34FC4C.dip0.t-ipconnect.de) has quit (Ping timeout: 260 seconds)
  23. join
    baker0052 (~baker0052@p5B34FC4C.dip0.t-ipconnect.de) has entered the channel
  24. quit
    chomwitt (~chomwitt@2a02:587:dc41:a900:90dc:9c58:ac86:8536) has quit (Ping timeout: 240 seconds)
  25. join
    chomwitt (~chomwitt@2a02:587:dc41:a900:b0ab:d710:68a3:eb62) has entered the channel
  26. join
    Chewie9999 (~Chewie@2a00:f18:27::2) has entered the channel
  27. message at
    Chewie9999
    Hi everyone, does anyone know what to do about plugins that say they have updates available, and when you click "update", it says "plugin xxxx updated successfully", but the update is still showing as available?
  28. quit
    chomwitt (~chomwitt@2a02:587:dc41:a900:b0ab:d710:68a3:eb62) has quit (Ping timeout: 252 seconds)
  29. join
    chomwitt (~chomwitt@2a02:587:dc41:a900:692d:80fc:cee5:accf) has entered the channel
  30. quit
    louigi (~louigi@80.82.202.196) has quit (Quit: WeeChat 1.9.1)
  31. quit
    chomwitt (~chomwitt@2a02:587:dc41:a900:692d:80fc:cee5:accf) has quit (Ping timeout: 252 seconds)
  32. join
    chomwitt (~chomwitt@2a02:587:dc41:a900:4c43:1b39:39fa:3451) has entered the channel
  33. quit
    chomwitt (~chomwitt@2a02:587:dc41:a900:4c43:1b39:39fa:3451) has quit (Ping timeout: 240 seconds)
  34. join
    chomwitt (~chomwitt@2a02:587:dc41:a900:14b8:4461:4e9:87fa) has entered the channel
  35. join
    theoceaniscool (~theoceani@139.47.76.19) has entered the channel
  36. quit
    chomwitt (~chomwitt@2a02:587:dc41:a900:14b8:4461:4e9:87fa) has quit (Ping timeout: 252 seconds)
  37. join
    chomwitt (~chomwitt@2a02:587:dc41:a900:cc29:f513:2e00:d843) has entered the channel
  38. join
    louigi (~louigi@ipservice-092-218-119-015.092.218.pools.vodafone-ip.de) has entered the channel
  39. message at
    louigi
    Hey folks!
  40. message at
    louigi
    Can someone please help me with security?
  41. message at
    louigi
    Running an Apache server and trying to secure all the necessary folders
  42. message at
    louigi
    Ok, I think I did it simply by changing the AllowOverride to All from None. Restarting apache2 did the trick and the security warning in the admin section disappeared. I can also no longer access /data and pages from the web!
  43. message at
    PiRATA
    great
  44. message at
    louigi
    It was a bit scary, because editing such things - one small error, you know
  45. message at
    louigi
    :D
  46. message at
    PiRATA
    conf/ and data/ should not be accessible
  47. message at
    louigi
    PiRATA: they are not, although vendor is
  48. message at
    louigi
    In the security tips on the website it does say that it's not good to have it available
  49. message at
    PiRATA
    yup
  50. message at
    louigi
    PiRATA: But the htaccess file should cover all that, right?
  51. message at
    PiRATA
    or your vhost conf
  52. message at
    PiRATA
    yes
  53. message at
    louigi
    PiRATA: should it be called .htaccess.dist or should I rename it to .htaccess? Actually, I think according to what I've seen in apache2.conf it shouldn't matter
  54. message at
    louigi
    But then if data and conf are inaccessible, but vendor still is, what could be wrong?
  55. message at
    PiRATA
    just .htaccess
  56. message at
    louigi
    PiRATA: renamed, but access to vendor is still there. Should I post a question to the forum?
  57. message at
    PiRATA
    share your conf
  58. message at
    PiRATA
    I'm not using apache but will try to help
  59. message at
    louigi
    PiRATA: It's just standard htaccess that comes with the installation, I changed nothing. https://pastebin.com/Br5SiGi7
  60. message at
    PiRATA
    ah, you can use:
  61. message at
    PiRATA
    <LocationMatch "/(data|conf|bin|inc|vendor)/">
  62. message at
    PiRATA
    Order allow,deny
  63. message at
    PiRATA
    Deny from all
  64. message at
    PiRATA
    Satisfy All
  65. message at
    PiRATA
    </LocationMatch>
  66. message at
    PiRATA
    that should work
  67. message at
    louigi
    PiRATA: Do I paste it right in there?
  68. message at
    PiRATA
    yup
  69. message at
    louigi
    I did see that option, but I thought this was for the apache2.conf ...
  70. message at
    PiRATA
    works both ways I think
  71. message at
    louigi
    PiRATA: Okay, thank you, will try
  72. message at
    louigi
    PiRATA: nope, probably should be done in apache2.conf. Will read up more about it. Doing it in htaccess actually causes an internal server error
  73. message at
    PiRATA
    humm, try under vhost confs then
  74. message at
    louigi
    Will do, ty
  75. message at
    louigi
    gotta run now, ty for help and advice!
  76. quit
    louigi (~louigi@ipservice-092-218-119-015.092.218.pools.vodafone-ip.de) has quit (Quit: WeeChat 0.4.2)
  77. message at
    PiRATA
    nop
  78. message at
    PiRATA
    cya soon
  79. quit
    chomwitt (~chomwitt@2a02:587:dc41:a900:cc29:f513:2e00:d843) has quit (Ping timeout: 252 seconds)
  80. join
    chomwitt (~chomwitt@2a02:587:dc41:a900:c00:6968:691a:a96c) has entered the channel