Remove .htaccess from ignored file list

[nanonettr]

.htaccess should be synced when enabling Synchronize hidden files.

Reference : owncloud/client#5701

[Square252]

That could override nextclouds server configuration and possibly break the file folder. Very bad idea. You could rename this file to DOT.htaccess and rename it when uploading the files to the productive webserver if its not too much PITA... But if there are more than one htaccess file this can be annoying, i understand.

[adriansuter]

OwnCloud made that step. Check owncloud/client#6144

Maybe it would be nice to allow an administrator to activate/deactivate the .htaccess file from the ignore list. For example if the data-directory lies outside of the web-accessible folder.

[superDuperCyberTechno]

I use Nextcloud extensively to synchronize web projects across machines (usually containing .htaccess files), so this is a pretty significant annoyance especially when you pair it with git and git constantly thinks I deleted the .htaccess file every time I'm not using the machine I originally created the project on...

A simple solution would be to simply prepend a string to the ignored file prior to upload, removing the string again on download...? Maybe even hiding the string from the web interface making it completely seamless for the end user.

[ludgart]

Hello,

for all people they need to allow the .htaccess file.

Follow this steps:

1. Download the owncloud client
2. Edit following files on your nextcloud server
   2.1. https://github.com/owncloud/core/blob/f10d105ea2f2d0822693313ddcd6f9b2eaac6ebe/lib/private/Files/Filesystem.php#L643
   2.2. https://github.com/owncloud/core/blob/c9f5fce1777a96a8e2f09ea54fbcbed90cd1925f/apps/files/lib/Capabilities.php#L61
3. Done :)

Be careful your data folder should not hosted on your web server. Move it to e.x /home
You can change the data folder path in the config/config.php

Have fun.

[Terrox]

So is there a real solution for this yet which will survive an update? I develop websites and .htaccess is a part of that. I want to use Nextcloud to store and sync my dev work but I can't feel comfortable with unexpected file deleting going on and I don't want to be constantly on alert for missing data.

I do have my data folder outside web path so it could be just a tickbox in the admin somewhere "Do not block .htaccess" and the nextcloud server could check of the /data/ path is relative to site root and Disable the option with warning "Security warning: Do not allow .htaccess files if the /data/ folder is in your web path".

[despens]

I think administrators should have the power to edit the file ignore list via the web interface, given they know what they are doing. Which could include:

• not using apache web server
• using apache but locating the data directory outside of the web server's root

[rafleo]

+1

Nextcloud could also rename the file for security reasons (e.g. .htaccess-SAFE) but display and download it as .htaccess in clients and the web interface.

Manually renaming a file before uploading it is a massive pain if you're a web dev with lots of sites to sync, plus Windows won't easily allow renaming the files back to .htaccess (as the files lack a proper filename).

[richardfleming]

I was going to jump on the bandwagon as I have a bunch of old projects that have .htaccess files as well, but realized that these project files shouldn't be left loose like this anyway and should be stuck in a version control system where their changes can be tracked.

Since I host my own NextCloud instance, I'm going to either move my old projects to a self-hosted GitLab CE server or perhaps utilize BitBucket or GitLab private repositories and move my old projects there. In all honesty, this is the best solution.

[Terrox]

So that means we can't do web dev work or copy web dev data through nextcloud?

[richardfleming]

I used to use dropbox for webdev before I clued into git. Git makes it so much better to track versions of files, role back, experiment with new code and all other stuff without having to keep separate copies of everything.

Yes, you can use Nextcloud for webdev work, but it's really not the right tool. Nextcloud is used for my docs, and pictures, and that sort of sundry... Git is used for all webdev source code. (BitBucket and GitLab offer free private repositories).

Rich

[rafleo]

While Git or SVN is a better tool for backing up web work, yes, I believe we're missing the point here. There are always arguments to be made for both sides (e.g. wanting to share a private link to a web project without the users having to register anywhere) and reasons behind why someone uses a specific tool and not another one.

The point is: we want and expect Nextcloud to sync files, and in this case, it doesn't - for no good reason. I say "no good reason" because owncloud has a solution to this and there's multiple ways to solve it.

And while we as developers understand why Nextcloud ignores .htaccess files in the first place, novice users might not - and that's a problem. Especially, if you remove .htaccess from the ignored file list.

[caillou]

This issue seems to relate to the following server issue: nextcloud/server#13831

[epma01]

I don't know in old versions, but working ok with:
Nextcloud Client: 2.5.1. -> Enabled "Synchronize hidden files"
Nextcloud Server: 15.0.7.0. -> Added to server file /config/config.php next line:
'blacklisted_files' => array(),

[SamSirry]

Please see my suggestion for a better solution here:
nextcloud/server#13831 (comment)

[joshtrichards]

.htaccess was removed from the client's built-in ignore list prior to this issue being opened here:

4697f02

It's actually the same change mentioned in the referenced owncloud/client#5701

If you can't upload .htaccess files it's due to the server-side blacklist mentioned elsewhere in this issue. Feel free to adjust it at your discussion (it's in the Server docs if you need more details).

Closing this out.

[C0rn3j]

One can simply empty the default blacklist array in config.php to let the client sync the files:

'blacklisted_files' => array(),

Thanks to https://help.nextcloud.com/t/solved-upload-htaccess-on-php-fpm/51913/2

EDIT: This requires extra configuration for Apache, other webservers ignore the file.

[SamSirry]

empty the default blacklist array

The problem lies in how the webserver interacts with and handles the special file .htaccess.
If this file is allowed to be controlled by the user it can create serious security backdoors to the whole server.

Your suggestion should absolutely not be attempted on a production system, unless the webserver settings are changed so that it doesn't treat .htaccess as a special file.

[C0rn3j]

Absolutely correct, IF you use Apache, which I do not.

Forgot to put that disclaimer there though, thanks for the catch.

[Terrox]

Isn't it only a problem when the data directory is within the web root? So only needs to be blocked in that situation?