In MODX 2.5.7, htaccess
was taken of the default list of accepted file types. This followed security reports where researchers would use the ability to create and edit files for Bad Things. While file types like .php were not allowed, htaccess
was in fact on the list.
This is usually fine, as long as you trust your admin users, and you are in fact aware that they have the ability to create .htaccess files. Following the reports the default was changed to make sure it's an opt-in behaviour, instead of opt-out. This seemed like a good balance between secure-by-default, while also allowing users to use the file manager for what it was intended. The change also does not affect upgrades, only clean installs.
The downside is that when you want to quickly enable friendly URLs in your site, and you need to create a .htaccess file for that, that you get an error.
If you've decided that indeed your administrators are trust-worthy, and you want to use the media manager in MODX to create your .htaccess files, here's how to allow that.
- Go to System (cog icon in the top right), and then System Settings
- Find the
upload_files
setting using the search, or by navigating to the "File system" area in the core namespace. - Add htaccess (without a dot) to the list
After those simple 3 steps, you can once again create .htaccess files.