Magento Forum

Magento warning message
 
ehime
Jr. Member
 
Avatar
Total Posts:  11
Joined:  2010-07-02
 

Please make sure to use

<Files "\.(inc|sql|xml|additional|template)$">
  
order allow,deny
  Deny from all
</Files>

in your /etc/apache2/sites-enabled/default (or 000-default)

This is not an .htaccess thing, its an Apache thing.

 
Magento Community Magento Community
Magento Community
Magento Community
 
guang
Jr. Member
 
Total Posts:  2
Joined:  2011-06-14
 

This has fixed the problem.:

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

chmod 600 /var/www/html/app/etc/*

vi /etc/httpd/conf/httpd.conf

Replace: AllowOverride None to AllowOverride All

service httpd restart
 
Magento Community Magento Community
Magento Community
Magento Community
 
MK_dizajn
Jr. Member
 
Avatar
Total Posts:  8
Joined:  2010-05-22
Zagreb, Croatia
 

Thanks, did solved my problem!

on line 339 of this file: /etc/httpd/conf/httpd.conf

AllowOverride All

tiberiugal - 05 January 2011 01:26 AM

I’ve got the same message with clean install over ssh,
Fix: Edit apache configuration file ,change line
“AllowOverride None”
to
“AllowOverride All”

 
Magento Community Magento Community
Magento Community
Magento Community
 
andremartin
Jr. Member
 
Total Posts:  2
Joined:  2011-06-19
 

1. Log in to your Magento admin panel.
2. At the top of the screen you can see the warning message. It usually appears right after the Magento installation as all Magento configuration settings are set to default.
3. In order to remove this message open the “System” tab
4. Then select “Configuration”
5. With that done, click on the “Web” menu item in the “Configuration” section
6. You can see two tabs: unsecure and secure. Here we’ll change the “base_url” values
7. Replace the {{base_url} } value with the root path to your Magento store. Note! The root URL should end with a forward slash and the secure base_url value should start with “https”.
8. When you are done, click the “Save Config” button at the top.
9. Note! You can use an https secure URL only in case you have an active SSL certificate. You can contact your hosting provider for further reference.

web solutions melbourne

 
Magento Community Magento Community
Magento Community
Magento Community
 
imranakhtar
Jr. Member
 
Total Posts:  1
Joined:  2011-06-20
 
eepsylon - 05 January 2011 04:52 AM

Same error. The ‘AllowOverride’ suggestion did not solve the problem though. Anyone?

Maybe a CHMOD problem

 
Magento Community Magento Community
Magento Community
Magento Community
 
pedrosh
Jr. Member
 
Total Posts:  12
Joined:  2010-05-01
 

Only worked for me in 1.6.0.0 RC1. Looks like 1.5 .htaccess files cause 500 error page when AllowOverride All is set
Moving to 1.6 made it.

Lastest LAMP versions have spread conf files among modules. httpd.conf is empty now.

Here my apache2 configuration snippet:
/etc/apache2/sites-enabled# pico 000-default

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory “/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

 
Magento Community Magento Community
Magento Community
Magento Community
 
brunomarshall
Guru
 
Avatar
Total Posts:  367
Joined:  2009-08-04
 

Hello ,

This is from your file permission problem provide correct file permission to the files to avoid this problem .

like folders should have 0777 and files should have 0755 and then try .

 
Magento Community Magento Community
Magento Community
Magento Community
 
cocos
Jr. Member
 
Total Posts:  24
Joined:  2009-12-11
South Korea, Seoul
 
tiberiugal - 05 January 2011 01:26 AM

I’ve got the same message with clean install over ssh,
Fix: Edit apache configuration file ,change line
“AllowOverride None”
to
“AllowOverride All”

If I may just add one thing..............

I use the CentOS v5.3 by linux server.
the configuration file of webserver(apache) : /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin
DocumentRoot /var/www/public_html
ServerName http://www.mydomain.com
ServerAlias mydomain.com

<Directory /var/www/public>
AllowOverride All
</Directory>
</VirtualHost>

In my case, the cause of problem was this.
Real directory path was incorrect (has been mis-typed)
“<Directory /var/www/public_html>” is correct - NOT “<Directory /var/www/public>”.
“_html” has been omitted.
so the warning message has ever been displayed smile

Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Ed P
Member
 
Total Posts:  36
Joined:  2010-03-31
 

Hi,

The issue was apparent on one of our Magento stores and was resolved in a very different way as none of the above worked for us.

In the following file at line 33 - app/design/adminhtml/default/default/template/notification/baseurl.phtml (on version 1.4.2.0) there was a clue which warned about using {{base_url}} in the general web configuration settings .. the warning stated -

{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento configuration

when we changed the values in system > config > general > web > unsecure / secure from {{base_url}}/etc to http://www.domain.com/etc and flushed the cache the issue was resolved.

this issue was actually resolved by our magento hosting company support team - http://www.unitedhosting.co.uk/uk-magento-web-hosting.php

 
Magento Community Magento Community
Magento Community
Magento Community
 
RivalWebDesign
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2010-10-25
Australia
 

In our case the problem was caused from transferring the site to another server, and some .htaccess files not being copied along. To fix it we created an .htaccess file in the app directory, and put the following two lines in it.

Order deny,allow
Deny from all
 
Magento Community Magento Community
Magento Community
Magento Community
 
SCompany
Jr. Member
 
Avatar
Total Posts:  20
Joined:  2009-09-17
 

You could also deny access to the file local.xml from your htaccess like this:

<Files local.xml>
deny from all
</Files>

And perhaps block direct access to your .htaccess file:

<Files .htaccess>
deny from all
</Files>
 
Magento Community Magento Community
Magento Community
Magento Community
 
nsssim
Jr. Member
 
Total Posts:  1
Joined:  2011-09-26
 

solved under Ubuntu server
go to /etc/apache2/sites-enabled/
edit the file 000-default

change the two first AllowOverride from None to All, appache won’t read .httaccess if AlloOverride is set to None

<VirtualHost *:80>
    
ServerAdmin webmaster@localhost

    DocumentRoot 
/var/www
    
<Directory />
        
Options FollowSymLinks
        AllowOverride All    
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< this one
    
</Directory>
    <
Directory /var/www/>
        
Options Indexes FollowSymLinks MultiViews
        AllowOverride All  
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< and this one
        Order allow
,deny
        allow from all
    
</Directory>

    
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <
Directory \\\"/usr/lib/cgi-bin\\\">
        
AllowOverride None
        Options 
+ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow
,deny
        Allow from all
    
</Directory>

    
ErrorLog /var/log/apache2/error.log

    
# Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    
LogLevel warn

    CustomLog 
/var/log/apache2/access.log combined

    Alias 
/doc\\\"/usr/share/doc/\\\"
    
<Directory \\\"/usr/share/doc/\\\">
        
Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny
,allow
        Deny from all
        Allow from 127.0.0.0
/255.0.0.0 ::1/128
    
</Directory>

</
VirtualHost>

That\\\’s it.
restart Apache

sudo /etc/init.d/apache2 restart

go to the Magento Backend and refresh ,

 
Magento Community Magento Community
Magento Community
Magento Community
 
jdh239
Jr. Member
 
Total Posts:  1
Joined:  2012-01-05
 

This worked for me after I discovered the root of my issue.  I copied my vhost config from another vhost and forgot to change one of my paths.  It was slightly off.  Once I corrected it the AllowOverride ALL resolved my issue:

ie:
Directory /srv/www/htdocs/username/somesite.com/www

Changed to /srv/www/htdocs/somesite.com

NOTE:  My magento is installed at the root of my dir

 
Magento Community Magento Community
Magento Community
Magento Community
 
tomperrino
Jr. Member
 
Total Posts:  2
Joined:  2012-01-06
 

got the same problem over here, please let me know if you find out why

 
Magento Community Magento Community
Magento Community
Magento Community
 
MagentoBackups
Jr. Member
 
Total Posts:  16
Joined:  2010-02-02
Los Angeles
 

I added this line to my .htaccess file to forbid access to the app directory. 
This is a new, fresh install, so there may be unkown consequences… I will come back to edit if I run into anything

Inside the

<IfModule mod_rewrite.c>
block, add this line:
RewriteRule ^(app) - [F,L]
 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top