Thursday, November 13, 2014

Magento Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

Magento Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

Specifically check the permissions on app/etc/local.xml as usually this means it is world readable.

Check to see if "other user" has any read, write, and execute permissions:
# find . -perm /007 | xargs -I {} ls -la {}

Change the following line:

# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
  AllowOverride All
  # New directive needed in Apache 2.4.3: 
  Require all granted
</Directory>

No comments: