ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> ionCube 24 - NEW for 2015

Exclude files above webroot

Author Message
fasttrakker



Joined: 03 May 2013
Posts: 4
Location: United Kingdom

PostPosted: Fri Jan 08, 2016 6:55 pm    Post subject: Exclude files above webroot Reply with quote

A site I want to use ic24 with caches templates above the webroot. The problem is every time a page is cached it's triggering the protection, disabling that webpage.
The 'Add Trusted Files' setting is useless in this situation, and I cannot edit the code to add the exclusion key to every template cached, it's ioncubed. Is there any way to force an excluded directory or am I simply unable to use ic24?

Great idea thought, has already saved me once from the defacers already, a disgruntled (now former) member of staff.
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2756

PostPosted: Tue Jan 12, 2016 6:35 pm    Post subject: Reply with quote

Hi

Great news that your site was saved from a hacker by our system!

There is a php.ini setting that may help:

Code:

ic24.sec.trusted_include_paths


Here's the full documentation from the Loader User Guide.

Code:

INI entry: ic24.sec.trusted_include_paths ; no default

Purpose: List paths from where files can be included
and automatically trusted.

Example:

ic24.sec.trusted_include_paths = "/var/cache:/var/cache2"

Directories can be excluded from the list by prefixing
with a minus character `-`. e.g.

"/var/cache:-/var/cache/subdir"

This is useful if your site creates and/or modifies
files by itself from time to time, e.g. in a cache
directory, though we would recommend producing files
that include the exclusion key as an alternative.
Requests that *directly* access files from a trusted
include path will be blocked but the file itself
will not be blocked, so requests that use the file as
intended will still work.
See ioncube24.com for more details once signed up.


Note that in the current Loader 5.0.19, paths may not match correctly if there are
any symlinks within the specified paths, but they will if the last component of
a path is a symlink. This is fixed in the upcoming 5.0.20 Loader.
_________________
Community Admin
Back to top
View user's profile Send private message
fasttrakker



Joined: 03 May 2013
Posts: 4
Location: United Kingdom

PostPosted: Tue Jan 12, 2016 10:50 pm    Post subject: Douglas Reply with quote

Must be my unlucky day.

I tried your suggestion with no success. I also tried moving the templates cache back to the webroot and adding trust there, but I still get warnings for 'new files' every time a new template file is made, which happens every time a page is refreshed.

I'd really love to get this working, but because it's a live domain (WHMCS) I've had to disable blocking and will just have to watch my emails for now.

No symlinks.
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2756

PostPosted: Wed Jan 13, 2016 6:12 pm    Post subject: Reply with quote

The mechanism works so this could be a configuration issue. If you create a support ticket at https://support.ioncube.com and as a start, provide the php.ini file and a link to a phpinfo page in the ticket, support can get back to you with further information.
_________________
Community Admin
Back to top
View user's profile Send private message
fasttrakker



Joined: 03 May 2013
Posts: 4
Location: United Kingdom

PostPosted: Fri Jan 15, 2016 9:26 pm    Post subject: Reply with quote

Finally got it sorted, with the help of Ben.

Apparently configuration changes weren't being written to the php.ini correctly. I ended up undoing all the changes, completely deleted the domain, rebuilt it from a backup then set ic24 up again.

Exact same settings, with php.ini accepting changes and the template cache above the webroot.

Happy days, And thanks to everyone - really pleased it's sorted Very Happy
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube 24 - NEW for 2015 All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum