Laravel htaccess settings and captcha plugin

Hi,

I have a problem similar to the one described here: https://discuss.phplist.org/t/how-to-get-captcha-running/2098. In my case, I think I can’t access the secureimage resources because the Laravel htaccess settings are these:

```apache
php_flag opcache.enable Off

<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R,L]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
```

In my opinion the problem is related to the `# Handle Front Controller` rules; in fact, if I try to reach http://www.mysite.com/securimage/securimage_show.php I get a 403 error, and this is normal because securimage_show.php is not index.php.

So, my question is this: how can I add an exception for the securimage folder in my htaccess?

[edit]
I’m pretty sure that an .htaccess with those rules prevents access to any php file located in a directory that is not index.php, so I need to set an exception not only for the secureimage folder but for the entire folder where I installed phplist. Any idea?
[/edit]

@Franc3sc0 Your explanation is a bit confusing. Does phplist work with that htaccess file?

phplist works fine, but I can’t use the CAPTCHA plugin, and I think that this issue is related to the settings of my htaccess.

@Franc3sc0 I don’t see how securimage is different to phplist.

For example the phplist url http://www.mysite.com/lists/lt.php isn’t really any different to http://www.mysite.com/securimage/securimage_show.php

Good point. If I try to visit http://www.mysite.com/securimage/README.md I see the file, but if I try to visit http://www.mysite.com/securimage/securimage_show.php I get a 403 error. Is this problem caused by a lack of permissions?

@Franc3sc0 You could try removing that block from the htaccess file to see whether that has any effect. Otherwise, are you sure that there are not any other htaccess files or whether the master apache config file has any restrictions?

I tried to remove that block but without success. Under the root directory of phplist I have this .htaccess that contains some restrictive rules:

http://www.francescoparisionline.it/htaccess.txt

I’m wondering if this `<FilesMatch "(index.php|dl.php|ut.php|lt.php|download.php|connector.php)$">` is the part that causes the 403 error when I try to access securimage/securimage_show.php

@Franc3sc0 Can you please be clearer as to the layout of your web site? Is that htaccess file really at the root level?
You will probably be better off raising this problem with your hosting company, as they will be able to view the web server access logs.

The directory structure of my web site is this:

  • www
    – phplist/lists
    – any_other_directory
    – any_other_file

This htaccess http://www.francescoparisionline.it/htaccess.txt is the standard htaccess of phplist; secureimage was present at the same level as phplist. For security reasons the rules contained in that htaccess limit the possibility of directly accessing any php file except index.php | dl.php | ut.php | lt.php | download.php | connector.php.

A few minutes ago, I tried to move the secureimage folder to another position:

  • www
    – phplist/lists
    – secureimage
    – any_other_directory
    – any_other_file

At the moment I can access securimage_show.php https://demetrionaccari.it/securimage/secureimage_show.php. I also tried to write a simple test script here: demetrionaccari.it/securimage/test.php

```php
<?php
require_once 'securimage.php';
echo Securimage::getCaptchaHtml();
?>
```

Unfortunately, when I call secureimage_show.php with a query string I get a 404 error: demetrionaccari.it/securimage/securimage_show.php?f87b28a9ff79e5a06a57a59bdd90efff

I don’t know, maybe it’s a bug

This is the way that I thought you had initially. In your first post you used the url http://www.mysite.com/securimage/securimage_show.php

Isn’t this what you want?

Not exactly. I also need to call secureimage_show.php from HTML forms using the class secureimage.php. Anyway, it’s clear that I need to debug what happens in my environment to set the necessary parameters appropriately.

Regarding the url mysite.com, I’m sorry, I used it as an example, just to say my_site.com; I wasn’t aware of its actual existence.
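An added example, not part of the thread and not phpList's own code: it evaluates the `FilesMatch` pattern quoted above against constructed request paths to show why `securimage_show.php` is refused while `README.md` and `lt.php` are served. It assumes, as the post describes, that every other `.php` file under the protected directory is denied; `STRICT`, `decision` and `report` are hypothetical names, and `STRICT` is an illustrative tighter pattern.

```python
import re
from pathlib import PurePosixPath

# Pattern copied from the FilesMatch line quoted in the thread.
QUOTED = re.compile(
    r"(index.php|dl.php|ut.php|lt.php|download.php|connector.php)$")

# Assumption: a tighter allow-list with a start anchor and escaped dots.
STRICT = re.compile(r"^(index|dl|ut|lt|download|connector)\.php$")


def decision(url_path, allow=QUOTED):
    """Return the HTTP status for a request under the protected directory.

    Model (assumption taken from the post): a .php file is served only
    when its file name matches the allow pattern; other files are served.
    Apache tests FilesMatch against the file name alone, and the regex
    is a search, so it is unanchored unless the pattern anchors it.
    """
    # The query string is not part of the file name Apache matches.
    name = PurePosixPath(url_path.split("?", 1)[0]).name
    if not name.endswith(".php"):
        return 200
    return 200 if allow.search(name) else 403


def report(paths):
    """Map each path to (status with quoted pattern, status with STRICT)."""
    return {p: (decision(p), decision(p, STRICT)) for p in paths}


# Constructed request paths, modelled on the URLs mentioned in the thread.
SAMPLES = [
    "/lists/lt.php",
    "/securimage/README.md",
    "/securimage/securimage_show.php",
    "/securimage/securimage_show.php?f87b",
    "/lists/admin/result.php",  # constructed name that ends in "lt.php"
]

if __name__ == "__main__":
    for path, (quoted, strict) in report(SAMPLES).items():
        print(f"{path:40} quoted={quoted} strict={strict}")
```

Because the quoted pattern has no start anchor, a name such as `result.php` also satisfies it; the anchored form accepts only the six listed file names.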