As a lot of you probably know, I host a mirrored copy of a private forum for the website Skeptical Science which was released by an unknown hacker. The files were available for quite some time, but you had to download them and open each individually. I thought it would be helpful if people could instead read the forum via a web browser like a normal forum user might. I announced this mirror about six months ago:
Today, for the first time, there was a problem with it. A couple users on Twitter said they couldn't access it. I was surprised. I hadn't done anything which could have changed the permissions for the directory the mirror was in. There hadn't been a problem for the last six months, and as far as I knew, there shouldn't have been a problem now.
It turns out the problem arose from an .htaccess file in the directory the mirror is located in. .htaccess files are used to control how resources can be accessed on an Apache server. This file was an incredibly simple one, consisting solely of these lines:
IndexOptions FancyIndexing SuppressLastModified SuppressSize SuppressDescription
The first line sets the default page of the directory to "index.php." The second line turns on directory indexing, meaning if no index.php is found, the server will show users a list of all files in the directory. That's what I wanted. Users needed to be able to see a directory so they could look through the various files from the forum. (The last line just determines how the directory listing will look.)
It took me a little while to figure out why this suddenly stopped working. It turns out the problem stemmed from the line, "Options Indexes." While that used to turn on Indexing, now, it wouldn't. I had to change the line to say "Options +Indexes."
A + sign specifically tells the server I want the option turned on. A - sign specifically tells the server I want the option turned off. Without either sign, the server used to know I wanted the option turned on. That was the default assumption. I didn't do anything to mess with it. My web host did.
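An added example, not the author's code or DreamHost's configuration: a small Python check that reads .htaccess text and reports, for each Options line, whether it uses the unsigned form (which replaces any inherited options), the signed form (which merges with them), or a mix of the two (which Apache 2.4 rejects as invalid syntax), and whether it leaves directory listing switched on. The function names and the sample file contents are constructed for illustration.

```python
import re

# Matches an Options directive (directive names are case-insensitive in Apache).
# "IndexOptions ..." does not match because the line must start with "Options".
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)


def classify_options(args):
    """Classify the arguments of one Options directive.

    'relative': every option has + or -, so it merges with inherited options.
    'absolute': no option has a sign, so it replaces inherited options.
    'mixed':    signed and unsigned together, which Apache 2.4 rejects.
    """
    signed = [a[0] in "+-" for a in args]
    if all(signed):
        return "relative"
    if not any(signed):
        return "absolute"
    return "mixed"


def lint_htaccess(text):
    """Return (line_number, kind, lists_directory) for each Options line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = OPTIONS_RE.match(line)
        if not match:
            continue
        args = match.group(1).split()
        kind = classify_options(args)
        # Indexes given bare or with + means directory listings are served.
        enabled = [a.lstrip("+").lower() for a in args if not a.startswith("-")]
        findings.append((number, kind, "indexes" in enabled))
    return findings


# Constructed sample input, not the author's actual file.
SAMPLE = """\
DirectoryIndex index.php
Options Indexes
Options +Indexes
Options -Indexes +FollowSymLinks
Options Indexes -ExecCGI
"""

if __name__ == "__main__":
    for number, kind, lists_directory in lint_htaccess(SAMPLE):
        print(f"line {number}: {kind:8} directory listing on: {lists_directory}")
```

Run against a site's own .htaccess files, this also gives an inventory of which directories deliberately expose a file listing.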
This site is on a server managed by a company named DreamHost. I like DreamHost, but I'll never get used to a third party having control over my server. This experience shows why. DreamHost apparently made some change I didn't know about, and that change changed the default behavior of how my Apache server interprets .htaccess files.
I had no way to know that had happened. I don't even know when it happened. DreamHost didn't tell me it was making whatever change it made. If users on Twitter hadn't mentioned they couldn't access the mirrored forum, I might never have noticed the problem.
That shows one of the reasons I'll always find web hosting weird. I doubt DreamHost intentionally made this change. I suspect they didn't even realize it had happened. It was probably an unexpected side-effect of some change they made. I understand how that sort of thing can happen. I should have included the + sign from the start anyway just as good practice.
But it's still weird to know any resource I place on this site could possibly be rendered inaccessible by some change I not only have no control over, but can't even know about.
Oh well. It's a tiny price to pay for a good service. I mostly just wanted to let people know why they might not have been able to access the mirrored forum recently.