Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Page 2 of 4
Magento warning message
 
wyrix
Jr. Member
 
Avatar
Total Posts:  12
Joined:  2009-07-27
Grubbenvorst, The Netherlands
 

I\’ve also got the message;
Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

Can anyone tell me which files are checked? And what conditions are checked?
Are there any files checked for file permissions (like 777 or something)?

At the moment, it\’s a sort of guessing what the problem should be.
The warning is not saying anything to help me.

Our webserver is configured to allow acces to all files, but in the .htaccess it is configured to not show any .ini files.
Via .htaccess we also deny access to directories like \"app\".

All settings are configured like said in http://www.magentocommerce.com/wiki/1_-_installation_and_configuration/magento_installation_guide, but we still get this warning.

 
Magento Community Magento Community
Magento Community
Magento Community
 
DeDux
Jr. Member
 
Total Posts:  2
Joined:  2010-11-29
 
eepsylon - 05 January 2011 04:52 AM

Same error. The ‘AllowOverride’ suggestion did not solve the problem though. Anyone?

Restarted apache after that?

 
Magento Community Magento Community
Magento Community
Magento Community
 
wyrix
Jr. Member
 
Avatar
Total Posts:  12
Joined:  2009-07-27
Grubbenvorst, The Netherlands
 
wyrix - 11 January 2011 12:21 AM

I\’ve also got the message;
Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

Can anyone tell me which files are checked? And what conditions are checked?
Are there any files checked for file permissions (like 777 or something)?

At the moment, it\’s a sort of guessing what the problem should be.
The warning is not saying anything to help me.

Our webserver is configured to allow acces to all files, but in the .htaccess it is configured to not show any .ini files.
Via .htaccess we also deny access to directories like \"app\".

All settings are configured like said in http://www.magentocommerce.com/wiki/1_-_installation_and_configuration/magento_installation_guide, but we still get this warning.

I’ve installed Magento on a different server too. Same way of installation (via the downloader), same configuration of PHP, same configuration of Apache. No error. The only difference is that the first server is running PHP 5.2.14 and the second is running PHP 5.2.17.
So the error shows up with PHP 5.2.17 and not with PHP 5.2.14.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Turnkeye
Moderator
 
Avatar
Total Posts:  908
Joined:  2008-12-20
URL: turnkeye.com
 

There is a similar discussion here:
http://www.magentocommerce.com/boards/viewthread/216632/

It seems that Agenti solution make sense:

Magento is using .htaccess files to protect certiain files and directories. (ex. /app and everything underneath it)

If you’re running Apache, check in your (virtual)server configuration, if overriding from .htaccess files is allowed.

Setting AllowOverride to All should make the warning disappear.

--- config snippet ---
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
--- end ---

 
Magento Community Magento Community
Magento Community
Magento Community
 
Nilesh Patel
Jr. Member
 
Avatar
Total Posts:  4
Joined:  2009-08-04
India
 

Thanks it Works.... smile

 
Magento Community Magento Community
Magento Community
Magento Community
 
marchman
Jr. Member
 
Total Posts:  12
Joined:  2010-09-20
 

I had the same problem and was able to resolve this by changing the permissions to the files

magento/app/etc/local.xml

You need to make sure this is not open to the public view. It contains your database access details. These were exposing my link details and password information with a view of everyone.

You need to set the permission to 551 from 777

 
Magento Community Magento Community
Magento Community
Magento Community
 
kiatng
Enthusiast
 
Total Posts:  875
Joined:  2008-09-03
Kuala Lumpur, Malaysia
 

Running PHP Version 5.2.17, magento 1.5.0.1
Setting file permission to local.xml does not work for me.
But setting the AllowOverride works.  Beware, there may be a few of them in the httpd.conf, so set it at the right place.

 
Magento Community Magento Community
Magento Community
Magento Community
 
brunomarshall
Guru
 
Avatar
Total Posts:  367
Joined:  2009-08-04
 

HI,
It is better to report this error to your hosting provider
and one more thing is file permission check file permission and Best idea is to get
help from hosting provider

 
Magento Community Magento Community
Magento Community
Magento Community
 
JoRaBo
Jr. Member
 
Total Posts:  3
Joined:  2008-11-16
 

Thats the solution

<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

ex:

<VirtualHost *:80>

DocumentRoot /srv/www/shop
ServerName shop.anywhere.de

<Directory \"/srv/www/shop\">
Options FollowSymLinks
AllowOverride All
allow from all
</Directory>

</VirtualHost>

 
Magento Community Magento Community
Magento Community
Magento Community
 
xinhaozheng
Sr. Member
 
Total Posts:  107
Joined:  2009-03-09
 

the problem may cause the local.xml and related config file be accessed by any browser.this was caused by misconfig with web server.
in fact,magento has place an htaccess file in app folder to prevent this.but the htaccess file maybe override by some directive in other place.

so it has nothing to do with file permission.
but casued by web server config.check it if you have ssh perm or contact your server admin.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Turnkeye
Moderator
 
Avatar
Total Posts:  908
Joined:  2008-12-20
URL: turnkeye.com
 

If the issue is still there, try to change permission of /app/etc/local.xml file from 644 to 600.

 
Magento Community Magento Community
Magento Community
Magento Community
 
angelicakm
Jr. Member
 
Total Posts:  27
Joined:  2011-03-29
 

Problem solved, hope this helps you too;

Go to the file /etc/apache2/sites-enabled/default

Edit this file changing the following lines:

ServerAdmin
Document Root /yourpathtomagento/

Options FollowSymLinks
Allow Override None (change to AllowOverride All)

Directory /yourpathtomagento/
Options Indexes FollowSymLinks MultiViews
AllowOverride None ( change to AllowOverride All)
Order allow,deny
Deny from all ( change to Allow from all)

Then, don’t forget to restart Apache2.

If you’re running Ubuntu, use the following ssh command:

sudo /etc/init.d/apache2 restart

Refresh your admin page, and I hope it works for you too!

Best regards,
Angelica

 
Magento Community Magento Community
Magento Community
Magento Community
 
CRuez
Jr. Member
 
Total Posts:  6
Joined:  2011-02-15
 

Had this same problem, but this thread got me going again. Thanks y’all!

 
Magento Community Magento Community
Magento Community
Magento Community
 
kjg1
Jr. Member
 
Total Posts:  3
Joined:  2008-09-13
 

Hi all,
This error is actually driving me crazy any minute now ..

I have 3 different installations of magento on the same server

2 of them are OK, but the 3:rd shows the error message \"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.\”

I have set the permissions to 755 and 644
I have searched for files with other permissions, but all files are 644 and all dirs are 755 (except var/ but that is the same on all installations)

I have reinstalled a number of times (via ssh)
I have changed permission on /app/etc/local.xml to 400 but it did not help

Nothing helps
The message is still there.

Since it is on the same server, apache conf seems not to be the issue.
Same with php version issues.

The .htaccess-files are identical on all 3 installations

Anyone who knows what kind of tests are done by magento software that gives this message? Or anyone having an idea what it can be?

Any help or ideas would be appreciated

 
Magento Community Magento Community
Magento Community
Magento Community
 
ClayReiche
Jr. Member
 
Avatar
Total Posts:  18
Joined:  2009-05-20
 

AllowOverride All

Worked for me.

Thanks!

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top
Page 2 of 4