Unable to upload/sync .htaccess files

GaRv3 · March 17, 2025, 10:08am

Why is this being ignored? The solution by @SamSirry seems possible. Just change the setting in the Apache config and bulk rename all .htaccess files. Shouldn’t this be easy?

Donald_P · March 21, 2025, 6:43am

The ‘excluded_directories’ => ` suggested everywhere does not work with .htaccess, at least not in the version I have installed.

The file /lib/private/Files/Filesystem.php has an explicit hardcoded block for .htaccess. Search for .htaccess in that file and blank it out. This finally made it work for me.

Nowhere online had this information which is crazy. Do make sure you know what you are doing though, probably never do this if you have anybody else using your install. I can’t tell you it won’t cause problems but we have the right to screw ourselves over, do we not?

Zentheon · March 31, 2025, 5:18am

Absolute legend. Worked like a charm.

I’m not sure on the specifics of webDAV and clients implementing it, however, I use Caddy as a webserver, which obviously doesn’t implement htaccess files. This would be, in theory, a safe scenario for allowing those files.

I’ve been working on a custom Nextcloud Compose stack that implements a bunch of custom configuration for some time now. I may add this to it, though the library file override in particular seems like a challenge considering updates.

kesselb · April 2, 2025, 4:37pm

@Donald_P @Zentheon the name of the configuration option is blacklisted_files.

github.com/nextcloud/server

lib/private/Files/Filesystem.php

90b8838de


      
          		if (self::$blacklist === null) {
          			self::$blacklist = \OC::$server->getConfig()->getSystemValue('blacklisted_files', ['.htaccess']);
          		}

getSystemValue reads a value from the configuration file. Adding 'blacklisted_files' => [], to unset it and also allow .htaccess. You better know what you are doing, especially with apache2 in your stack.

Zentheon · April 2, 2025, 6:30pm

getSystemValue reads a value from the configuration file.

I got curious and decided to look into the topic again.
I ended up coming across this issue which indicates that 'blacklisted_files' is the option which Nextcloud respects, while I had been using 'forbidden_filenames' as the logs had been complaining about. Turns out, both entries are required.

Seeing as there hasn’t been any activity on the issue since January, I’d say it’s safe to assume both options will remain required until version 34. For anyone curious, this is the configuration that worked for me:

  'forbidden_filenames' => 
  array (
    0 => '',
  ),
  'blacklisted_files' => 
  array (
    0 => '',
  ),

Like basically everyone else has pointed out, this is uncharted territory and you are at your own risk allowing .htaccess on your server. Again, I’m pretty sure this is safe to do if you don’t use the Apache flavors of Nextcloud, but don’t take my word.

Matthias_Klenk · April 8, 2025, 12:26pm

I am currently switching from my Synology NAS to Nextcloud. The storage of htaccess files is relatively important for me, as I also use a “shared desktop” with nextcloud on Win and Mac, for example.

Is there an official workaround for this?