Hi guys,--
mod_pagespeed is great, we've run it on our websites & servers for years.
As part of securing the WordPress installations we host, we choose to restrict filetypes in the /wp-content/uploads directory with a .htaccess rule:
Order Allow,Deny
Deny from all
<Files ~ ".(css|jpe?g|png|gif|js|swf|html|htm|eot|woff|ttf|svg|doc|docx|xls|xlsx|ppt|pptx|pdf|map)$">
Allow from all
</Files>
However when this restriction meets mod_pagespeed there's a 403 error, chucking "Client denied by server configuration" into the log specifically when the filename has the word 'pagespeed' in it.
For example:
/wp-content/uploads/somefile.pagespeed.ic.Msyc11AVIFi.jpg
will 403 error, whilst:
/wp-content/uploads/somefile.ic.Msyc11AVIFi.jpg
doesn't.
After some testing, I can see that it still affects the site even when mod_pagespeed is turned off at .htaccess and/or vhost level.
It appears mod_pagespeed is processing the request before Apache looks at the vhost.
Any ideas how I can get these restrictions to work with mod_pagespeed please?
Thanks in advance,
Chris
You received this message because you are subscribed to the Google Groups "mod-pagespeed-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mod-pagespeed-di...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mod-pagespeed-discuss/c98b03cc-7de4-4949-a8e3-e390549492b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "mod-pagespeed-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mod-pagespeed-di...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mod-pagespeed-discuss/df56d0e2-f75e-466b-ad72-8fa54e364062%40googlegroups.com.
Order Allow,Deny
Allow from all
<Files ~ ".(php[0-9]?|sh|cgi|phtml|pl|py|pyc|pyo)$">
Deny from all
</Files>
<Directory /home/me/www/upload/>
# Important for security, prevents someone from
# uploading a malicious .htaccess
AllowOverride None
SetHandler none
SetHandler default-handler
Options -ExecCGI
php_flag engine off
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
<Files *>
AllowOverride None
SetHandler none
SetHandler default-handler
Options -ExecCGI
php_flag engine off
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
</Files>
</Directory>
--
You received this message because you are subscribed to the Google Groups "mod-pagespeed-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mod-pagespeed-di...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mod-pagespeed-discuss/1addbdb7-681d-4285-bdf9-f5e75a66ffd5%40googlegroups.com.