Core: The admin panel always tells you that the htaccess file is not working.

@LukasReschke hey Lukas - can you please double check you implementation of the accessibiliy check? THX
@gladiac hey Andreas - just for the record: which version are you using? THX

The stable45 branch.

hey Lukas - can you please double check you implementation of the accessibiliy check? THX

This check was implemented by @karlitschek - mine only shows up in the installer.

The check is implemented in /lib/util.php on line 525.

Currently it just creates a file htaccesstest.txt in /data/ with the content testcontent, PHP then tries to open the file and if it works, it seems that the .htaccess is not working.

So, let's try a simple thing: Please create a file test.txt in /data/ (via SSH, FTP etc...) and then try to open it with your browser. (http://domain.tld/owncloud/data/test.txt)

If it shows an error: Good! - But then we need to check where the problem is.
If not: Your data is probably accessible from the internet and we need to check where your configuration problem is.

I don't have a .htaccess file in data/ and I don't see any code checking if it actually exists or creating it.

What I mean is that the code only checks if it is working or not. It doesn't warn you that a data/.htaccess file doesn't exist at all and you should probably create one with the following content:

Deny from all

We followed up in IRC.

It seems like the .htaccess don't get created if you upgrade from an older version. (oC 1 to 2 to 3 etc...)

I'll implement the creation of the .htaccess in the upgrading mechanism.

I am having the same problem as gladiac (Security Warning .htaccess not working in admin panel)

The solution for me was to manually delete /data//htaccesstest.txt. It was empty.

ishtaccessworking() in https://github.com/owncloud/core/blob/master/lib/util.php checks if the test file exists. If so, it returns false. That is bad, because in case of a forgotten case you ALWAYS get a wrong result. In case there really is another test running you get ONCE a wrong result.

How about deleting the file if it exists? Then the other function call will ONCE return a wrong value, however, you will never have a permanent error situation.

@gladiac This function should only check if access to the data directory is possible or not. There are a lot of different ways to restrict access depending on the used webserver, webserver version, used modules, httpd.conf, .htaccess and so on. So we can't know and control this always. But we want to check if _some_ protection is in place.
@robin: I think you did this code part. I'm not sure if the return false in line 587 is correct. Shouldn't this be return true ?

I thought we fixed it. The upgrade code didn't create the .htaccess file in the data directory.

@gladiac Ahh O.K. That's good that this fixes the error for you. But the question is still if our detection is working correctly. I will keep on investigating. :-)

The detection is working but it detects that it isn't working it should check if there is a .htaccess file, if not it should tell the admin that he should create the file and what content it should have.

checking if a .htaccess file exists is not helping. It's unclear if it is configured correctly, if apache is reading .htaccess files at all and if apache is used or some other webserver.
So my idea to actually check if data is readable via http or not is to try it.
We create a .htaccess file during install anyways. It's just completely unclear if it works in this setup or not

Frank you don't understand it.

The current check is correct and fine!!!!!

But if the check detects that you can still access the data/ directory you should tell the admin what to do.

a) Check if .htaccess exists, if not suggest to create one with content foo
b) Check if .htaccess exists, if it does tell him he needs to allow overrides
c) If he doesn't have apache, htaccess support he should check the documentation of this webserver how do disallow access to a certain directory.

Sure.
But case a) Should never happen because we create the file.
The problem with b) is that it can have a lot of different reasons why this i not working.
And it is difficult to distinguish b) and c)

So I agree. Better documentation would be great. I just don't know how :-)

Just give him some idea's where to look at. It took us a while to find out that on my server the .htaccess in the data/ directory was missing cause I always upgraded so it has been never created.

If we can't distinguish then tell him to look at the config if he needs to allow overrides on apache etc. If you can tell him what might be wrong people will know what to do or to look at.

I'm seeing this error as well on a Wheezy box. I've tried it both with i) /var/www/owncloud/data or ii) putting it in /www/htdocs/owncloud/data. For the latter, I've even deleted the installation created /var/www/owncloud/data.

As per @LukeOwncloud's comment, it seems that the htaccesstest.txt file should be deleted after the test is run; otherwise, the file stays in there and ownCloud continues to report that .htaccess isn't working, even if it is, until the htaccesstest.txt file is manually deleted.

I have also removed the /var/www/owncloud/data dir and also moved the actual data dir out of the webroot and just made sure that the .htaccess file exists on that dir (even though that does not have any effect as apache does not provide access to that dir at all). however I have this warning on my admin page all the time. would be nice to check if data dir is out of the webroot and dont show such a warning at all.

Hey guys I just installed Debian Wheezy and own cloud on an older computer and was having the same issue.
I fixed it by:
Debian: Go to Root Terminal and enter: service apache2 restart
Ubuntu: Press crtl+alt+t and enter: sudo service apache2 restart
refresh the page and it works just fine

After I moved data dir outsite web root in OC 7.0.2 I had to remove htaccesstest.txt from new data dir to disable security warning (Apache on Ubuntu Server 14.04.1 LTS).

I'm with Ryloguy.
Installed on Debian Wheezy.
Apache2 restart fixed it!

I got this error after upgrading to ownCloud 9.0.3 on Debian + Apache.

The same here. CentOS 7 + docker 1.11.2 + owncloud 9.0.3 (:latest) from https://hub.docker.com/_/owncloud

Same here after upgrading to ownCloud 9.0.3 (DigitalOcean Droplet)!

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.