Magento

At the top of the screen you can see the warning message. It usually appears right after the Magento installation as all Magento configuration settings are set to default.

Click thumbnail to see full-size image

I\’ve also got the message;
Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

Can anyone tell me which files are checked? And what conditions are checked?
Are there any files checked for file permissions (like 777 or something)?

At the moment, it\’s a sort of guessing what the problem should be.
The warning is not saying anything to help me.

Our webserver is configured to allow acces to all files, but in the .htaccess it is configured to not show any .ini files.
Via .htaccess we also deny access to directories like \"app\".

All settings are configured like said in http://www.magentocommerce.com/wiki/1_-_installation_and_configuration/magento_installation_guide, but we still get this warning.

eepsylon - 05 January 2011 05:52 AM

Same error. The ‘AllowOverride’ suggestion did not solve the problem though. Anyone?

Restarted apache after that?

wyrix - 11 January 2011 01:21 AM

I\’ve also got the message;
Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

Can anyone tell me which files are checked? And what conditions are checked?
Are there any files checked for file permissions (like 777 or something)?

At the moment, it\’s a sort of guessing what the problem should be.
The warning is not saying anything to help me.

Our webserver is configured to allow acces to all files, but in the .htaccess it is configured to not show any .ini files.
Via .htaccess we also deny access to directories like \"app\".

All settings are configured like said in http://www.magentocommerce.com/wiki/1_-_installation_and_configuration/magento_installation_guide, but we still get this warning.

I’ve installed Magento on a different server too. Same way of installation (via the downloader), same configuration of PHP, same configuration of Apache. No error. The only difference is that the first server is running PHP 5.2.14 and the second is running PHP 5.2.17.
So the error shows up with PHP 5.2.17 and not with PHP 5.2.14.

There is a similar discussion here:
http://www.magentocommerce.com/boards/viewthread/216632/

It seems that Agenti solution make sense:

Magento is using .htaccess files to protect certiain files and directories. (ex. /app and everything underneath it)

If you’re running Apache, check in your (virtual)server configuration, if overriding from .htaccess files is allowed.

Setting AllowOverride to All should make the warning disappear.

--- config snippet ---
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
--- end ---

Thanks it Works....

I had the same problem and was able to resolve this by changing the permissions to the files

magento/app/etc/local.xml

You need to make sure this is not open to the public view. It contains your database access details. These were exposing my link details and password information with a view of everyone.

You need to set the permission to 551 from 777

Running PHP Version 5.2.17, magento 1.5.0.1
Setting file permission to local.xml does not work for me.
But setting the AllowOverride works.  Beware, there may be a few of them in the httpd.conf, so set it at the right place.

HI,
It is better to report this error to your hosting provider
and one more thing is file permission check file permission and Best idea is to get
help from hosting provider

Thats the solution

<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

ex:

<VirtualHost *:80>

DocumentRoot /srv/www/shop
ServerName shop.anywhere.de

<Directory \"/srv/www/shop\">
Options FollowSymLinks
AllowOverride All
allow from all
</Directory>

</VirtualHost>

the problem may cause the local.xml and related config file be accessed by any browser.this was caused by misconfig with web server.
in fact,magento has place an htaccess file in app folder to prevent this.but the htaccess file maybe override by some directive in other place.

so it has nothing to do with file permission.
but casued by web server config.check it if you have ssh perm or contact your server admin.

If the issue is still there, try to change permission of /app/etc/local.xml file from 644 to 600.

Problem solved, hope this helps you too;

Go to the file /etc/apache2/sites-enabled/default

Edit this file changing the following lines:

ServerAdmin
Document Root /yourpathtomagento/

Options FollowSymLinks
Allow Override None (change to AllowOverride All)

Directory /yourpathtomagento/
Options Indexes FollowSymLinks MultiViews
AllowOverride None ( change to AllowOverride All)
Order allow,deny
Deny from all ( change to Allow from all)

Then, don’t forget to restart Apache2.

If you’re running Ubuntu, use the following ssh command:

sudo /etc/init.d/apache2 restart

Refresh your admin page, and I hope it works for you too!

Best regards,
Angelica

Had this same problem, but this thread got me going again. Thanks y’all!

Hi all,
This error is actually driving me crazy any minute now ..

I have 3 different installations of magento on the same server

2 of them are OK, but the 3:rd shows the error message \"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.\”

I have set the permissions to 755 and 644
I have searched for files with other permissions, but all files are 644 and all dirs are 755 (except var/ but that is the same on all installations)

I have reinstalled a number of times (via ssh)
I have changed permission on /app/etc/local.xml to 400 but it did not help

Nothing helps
The message is still there.

Since it is on the same server, apache conf seems not to be the issue.
Same with php version issues.

The .htaccess-files are identical on all 3 installations

Anyone who knows what kind of tests are done by magento software that gives this message? Or anyone having an idea what it can be?

Any help or ideas would be appreciated