Dot sign in the name of the directory

[Camila]

Hello! 

I have a question about locating the file to the directory of the Joomla site. 

The created directory has the dot sign ahead of its name .well-known and the file isn't reachable via the direct link whereas after deleting the dot sign the file can be opened in the browser. 

Could you please explain why this happens? Looking forward to your reply! 

Thanks for your help. 

[Hannes Papenberg]

Files with a leading dot are hidden on UNIX systems and thus Apache blocks access to that. This is not a Joomla issue, but how Linux etc work.

--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/joomla-dev-general/55f635a1-4ca2-4345-9d2a-4de36a21f4c9%40googlegroups.com.

[Roger at Gmail]

The .well-known folder is not where your website should be. It is an automatically created hidden directory often created by cpanel to store SSL discovery info, but in general it is the place where machine useable policy information is kept.

You absolutely shouldn’t be putting any files in there manually (unless you know what you are doing), nor should you be re-naming it without the dot.

.well-known should exist at the root of your web space alongside where all your joomla and other site files and folders are. Leave it alone, it is important and harmless.

 

To view this discussion on the web, visit https://groups.google.com/d/msgid/joomla-dev-general/CABY04BovVwx5nae4f9yro0eQnz2pp5syceqhhprDOeLi%3DL9AyQ%40mail.gmail.com.

[Camila]

Hello, Roger! Thanks a lot for your reply.

I'll explain what is the main aim of creating .well-known folder. This is needed to set up Apple Pay for the shopping cart (Ecwid) added to the Joomla site, there're a couple of steps to take:
1) Create a root folder .well-known (this folder wasn't present on the site before).

2) Upload the Apple Pay verification file to that folder

If everything is set up correctly the file should be reachable via the direct link https://terrashop.it/.well-known/apple-developer-merchantid-domain-association

Even if the verification file is added to the .well-known folder, it isn't possible to open it from the outside (404 response occurs). On the other side, when deleting the dot in the name of .well-known, the verification file can be opened https://terrashop.it/well-known/apple-developer-merchantid-domain-association

The problem is that for setting up the Apple Pay, the .well-known folder should contain the dot sign in it. 
May I ask you what am I doing wrong here? 

On Wednesday, March 11, 2020 at 2:17:42 AM UTC+4, Roger at Gmail wrote:

The .well-known folder is not where your website should be. It is an automatically created hidden directory often created by cpanel to store SSL discovery info, but in general it is the place where machine useable policy information is kept.

You absolutely shouldn’t be putting any files in there manually (unless you know what you are doing), nor should you be re-naming it without the dot.

.well-known should exist at the root of your web space alongside where all your joomla and other site files and folders are. Leave it alone, it is important and harmless.

On 10 Mar 2020, at 12:29, 'Hannes Papenberg' via Joomla! General Development <joomla-de...@googlegroups.com> wrote:

Files with a leading dot are hidden on UNIX systems and thus Apache blocks access to that. This is not a Joomla issue, but how Linux etc work.

'Camila' via Joomla! General Development <joomla-de...@googlegroups.com> schrieb am Di., 10. März 2020, 13:16:

Hello! 

I have a question about locating the file to the directory of the Joomla site. 

The created directory has the dot sign ahead of its name .well-known and the file isn't reachable via the direct link whereas after deleting the dot sign the file can be opened in the browser. 

Could you please explain why this happens? Looking forward to your reply! 

Thanks for your help. 

--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.

To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-general+unsub...@googlegroups.com.

To view this discussion on the web, visit https://groups.google.com/d/msgid/joomla-dev-general/55f635a1-4ca2-4345-9d2a-4de36a21f4c9%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.

To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-general+unsub...@googlegroups.com.

[Sergio Manzi]

As Roger already explained, the .well-known folder is very likely to reside OUTSIDE your web hosting folders hierarchy with redirection to it handled by .htaccess (in case your server is using Apache, as it seems to be) and, depending on which hoster and/or control panel you're using, it MIGHT be that you, as a customer, don't have access to it.

I think you should talk about this issue with your hoster Welcome Italia.

Putting your file into a well-known (no leading dot) folder isn't doing anything good to you and possibly will expose information you should keep private (not sure about that...).

Cheers,

Sergio

To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/joomla-dev-general/35d3f3f6-5b3d-4cc6-b61b-5c49f88a41a1%40googlegroups.com.

[Sergio Manzi]

BTW, I think that the fact that the folder is hidden (leading dot) has NOTHING to do with the fact that you can't reach it.

Try renaming your folder to .well-hidden and access its content: I'm quite confident it will work...

[Polyna-Maude R-S.]

In fact, this file HAS to be accessible from outside. It's exactly how some service validate that you own this domain name. For example when using Let's encrypt (free SSL certificates) you can use this method of validating domain ownership (among other methods too).

First thing is that the default .htaccess file supplied with Joomla will allow you to request (and get served) a file if it exist as is on the file system. That's a reason why we always add the check for _JEXEC in the beginning of nearly every PHP file we create. This way we are safe against someone directly getting a PHP file executed out of the normal process.

However because on Unix most folder starting by the dot are not only hidden but also often used for storing personal configuration. As a preventive measure, the default configured by many hosting provider is to reject all request for files that start by a dot. For example you wouldn't want some getting direct access to your .htaccess or .htpasswd files !

The blocking of hidden folder is not done by the standard .htaccess file supplied by the Joomla distribution. This must be something done by your hosting provider. You can possibly bypass this by giving the proper directives in your .htaccess file. Look at the documentation on the Apache HTTPD project and contact your hosting provider if needed.

Good luck !