Unable to Download gz or tar files, Uploads Anti-Exploit Guard htaccess file

Home Forums BulletProof Security Pro Unable to Download gz or tar files, Uploads Anti-Exploit Guard htaccess file

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #786
    AITpro Admin
    Keymaster

    Email Question:

    I edited the .htaccess file in our uploads folder to remove the gz extension from the list so that people can download our .tar.gz files that we have on our site.  This allows those files to be downloaded now, but when they get saved to disk, the extension has changes to .tar.tar.

    Do you have any idea why this is happening and how I can fix it?

    Thanks,

    Answer:

    Please also remove the “tar” file type from the Uploads Anti-Exploit Guard .htaccess file.

    Email Response:

    That did it.
    Thanks!
    Kevin

    #6502
    AITpro Admin
    Keymaster

    Email Question:  

    Hello there,

    I am having problem with all the .tar.tz file download file from our website raima.com located at /home/xxxxx/xxxxx/wp-content/uploads/helloWorldSamples . The example url is http: //www.example.com/wp-content/uploads/helloWorldSamples/SQL14_lnx32.tar.gz

    However, it works for .zip file.

    I contacted my hosting and they replied me that it is a bullet proof security issue.

    Would you mind to explain me?

    Thanks
    Bhupendra

    #6514
    AITpro Admin
    Keymaster

    Update:  A new Uploads Anti-Exploit Guard (UAEG) Read Me First Sticky Topic has been created in the link below.

    http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

    To edit your Uploads Anti-Exploit Guard .htaccess file go to the B-Core htaccess File Editor tab page, click on the “Your Current Uploads htaccess File” tab and delete the file extension that you want to allow.  In this case delete gz and tar.

    (7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z|zip)

    After deleting gz and tar.

    (7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z|zip)
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.