Hello,
I have several older installations of Silverstripe (2.4.5 and similar) on a shared server setup. Recently (I assume after a server upgrade) the 'Files and Images' section of the site stopped working - images could not be uploaded. Just a message saying 'the connection was reset' in Firefox.
After help from the hosting IT department, it was discovered that altering the .htaccess file in the Assets folder by removing the 'Deny from all' section fixed the issue:
...
Deny from all
<FilesMatch "\.(html|htm|xhtml|js|css|bmp|png|gif|jpg|jpeg|ico|pcx|tif|tiff|au|mid|midi|mpa|mp3|ogg|m4a|ra|wma|wav|cda|avi|mpg|mpeg|asf|wmv|m4v|mov|mkv|mp4|swf|flv|ram|rm|doc|docx|txt|rtf|xls|xlsx|pages|ppt|pptx|pps|csv|cab|arj|tar|zip|zipx|sit|sitx|gz|tgz|bz2|ace|arc|pkg|dmg|hqx|jar|xml|pdf)$">
Allow from all
</FilesMatch>
...
I'm not sure what is happening here. The file hasn't changed. I assumed the second part of the text (FilesMatch) was overriding the Deny section. Do newer versions of Apache interpret the rules differently?
Also, how much of a security issue is my commenting out the 'Deny from all'?
Thanks for any help with this.