oDesk Certified Magento Developer oDesk Certified Email Etiquette Expert oDesk Certified PHP4 Developer oDesk Certified English (Sentence Structure) Expert oDesk Certified PHP5 Developer

Message

Be free to post your comments and i can provide working code and plugins if received any request for that.

Monday, December 19, 2011

Magento admin notice "Your web server is configured ......... hosting provider."

Here is solution to the issue, which comes in magento admin dashboard.
"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider."

Issue Explanation :-
The issue relates with easy access to configuration file by web, i.e.,  
http://sitename/app/etc/local.xml
And this should be made unreadable by web.

Solution :- 
Depending on server apache settings any of the following solution may work.
1. Try changing permissions of  app/etc/local.xml to 660. Then check if http://sitename/app/etc/local.xml shows forbidden(or access denied or any error) & then test magento admin dashboard if that error is gone.
2. In case 1 fails, then 
 Try changing permissions of  app/etc/local.xml to 600. Then check if http://sitename/app/etc/local.xml shows forbidden & then test magento admin dashboard if that error is gone. 
3. In case, 1 & 2 both fails then lets discuss it further with me, as there might any other security loophole that too has to be fixed.
Posted by
at

13 comments:

  1. Useful and informative post here and i get it clear information about this topic here. hosting services

    ReplyDelete

  2. perfect solution...no 1 worked for me.

    Thanxxxxxxxx.

    ReplyDelete

  4. When I changed the file permissions and tried to access the site it took me to the installation page and not the site, do you know why this would be?

    ReplyDelete
    Replies

    1. Frnd, i think you have changed the permission such that the local.xml is also not available for read. Read permission must always be given to that file.
      If read is not allowed it will take you to installation page.
      Hope, you find the answer to your question.
      If still you couldnot find the answer please mail me or put here your email id so that i can personally solve your problem,

      Delete

  5. you say "http://sitename/app/etc/local.xml
    And this should be made unreadable by web"

    but it does need to be readable by web. Do you mean not writeable?

    ReplyDelete
    Replies

    1. Hi,

      By readable i mean here if you type "http://sitename/app/etc/local.xml" in your web browser it shouldnot open up the file in browser. So it should rather be not accessible to the browser or the outer world.
      Thanks for the precious comment of yours.

      Thanks

      Delete

  6. Hi,
    I have tried out both of your above suggestion but not found any change i am still getting that error at backend and also being able to read file by browser.I am using Magento 1.6.2.0 and Ubuntu as my operating system...Need Your Valuable Feedback.
    Thanks In Advance..

    ReplyDelete
    Replies

    1. Hi,

      Have you tried by changing the file(local.xml) permission to read/write.
      Donot allow access permission.

      Thanks

      Delete

    2. ya i have change the local.xml permission to read only but don't found any change

      Delete

    3. Can you please provide me link of your website.

      Delete

    4. i m working on local server

      Delete

  7. is it get solved as i upload my file on server

    ReplyDelete

Subscribe to: Post Comments (Atom)