Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Page 4 of 4
Magento warning message
 
user00265
Jr. Member
 
Avatar
Total Posts:  2
Joined:  2007-10-11
Chatfield, MN
 

Thread is a bit old, yes, but I just had to comment on the fact that the original poster was talking of lighttpd and this thread suddenly became a Apache/.htaccess thread… really un-productive for those of us who do use lighttpd instead of Apache.

For future reference/benefit, here’s my lighttpd configuration for my store, which obviously does not fit all, but the important changes for this issue are noted.

$HTTP["host"=~ "(?:www\.|)store\.mydomain\.com" {
    server
.name "store.mydomain.com"
    
server.document-root "/var/www/vhosts/" server.name "/magento"
    
server.errorlog "/var/log/lighttpd/vhosts/" server.name "/error.log"
    
accesslog.filename "/var/log/lighttpd/vhosts/" server.name "/access.log"

    
static-file.etags "enable"
    
etag.use-mtime "enable"

    
$HTTP["host"=~ "^www\." {
        url
.redirect("^/(.*}" => "http://" server.name "/$1")
    
}

    
# Protect Magento files in lieu of .htaccess
    
$HTTP["url"=~ "^(/app|/downloader/Maged|/downloader/pearlib|/downloader/template|/includes|/lib|/pkginfo|/report/config.xml|/var)" {
        url
.access-deny = ("")
    
}

    url
.rewrite-once = ("^/(.*)\.(ico|css|gz|zip|bz2|png|gif|jpg|js)$" => "$0",
                        
"^/(.*)\.p(hp|html)$" => "$0",
                        
"^/(media|skin|js)/(.*)$" => "$0")

    
url.rewrite-if-not-file = ("/\?(.*)" => "/index.php?$1",
                               
".*" => "/index.php")
}
 
Magento Community Magento Community
Magento Community
Magento Community
 
Garrawind
Jr. Member
 
Total Posts:  2
Joined:  2010-03-31
 
magentoinchina - 05 January 2011 06:21 AM

http://127.0.0.1/magento1420/app/etc/local.xml

that is the actually problem.

Master.. thanks for save my day!!

changing permissions from 777 to 600 was enough for me.

Ezequiel, from Argentina =)

 
Magento Community Magento Community
Magento Community
Magento Community
 
rafael.auday
Newbie
 
Total Posts:  0
Joined:  2011-01-18
 

Hi guys,

for the fix the problem with the message “Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.” is need configure the permission for the file app->etc->local.xml how 600.

 
Magento Community Magento Community
Magento Community
Magento Community
 
eyekiller_web
Jr. Member
 
Avatar
Total Posts:  19
Joined:  2011-06-09
 

My post in another thread:

Hello,

I know this is an old thread but I can confirm that Shirokovskiy’s solution works.

I placed an .htaccess file in magento/app containing:

Order deny,allow
Deny from all

The message then disappeared. Magento ver. 1.6.1.0

 
Magento Community Magento Community
Magento Community
Magento Community
 
kevstev01
Jr. Member
 
Avatar
Total Posts:  1
Joined:  2012-01-16
 

Magento 1.7.0.2
The code looks to see if a curl request for {{base_url}}/app/etc/local.xml is successful in the file
app/code/core/Mage/Adminhtml/Block/Notification/Security.phtml

if successful (URL return code 200) the security warning is shown, as it should be denied.
In my case, access to the local.xml file was blocked correctly, but the DNS record on the server had not updated from an existing site, so was returning an html return code of 200 as the old site was serving up the default page - identified by logging the $responseBody to a local file.

Might save a few hair pulls ;o)

 
Magento Community Magento Community
Magento Community
Magento Community
 
phes
Jr. Member
 
Total Posts:  6
Joined:  2009-12-17
 

Thanks
RivalWebDesign

Our problem was also missing htaccess file

 
Magento Community Magento Community
Magento Community
Magento Community
 
Lipideco
Newbie
 
Total Posts:  0
Joined:  2013-03-18
 
rafael.auday - 21 January 2013 05:03 AM

Hi guys,

for the fix the problem with the message “Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.” is need configure the permission for the file app->etc->local.xml how 600.

Thank You this help for me

 
Magento Community Magento Community
Magento Community
Magento Community
 
luxdesignsuk
Jr. Member
 
Total Posts:  3
Joined:  2013-03-17
 

Just adding to this thread as I had the same issue but nothing here helped me.

My fix was to upgrade the PHP version on my server. Originally it was on 5.3.23. I updated it to 5.4.14.

I hope that helps someone who had similar issues.

 
Magento Community Magento Community
Magento Community
Magento Community
 
DavidSok2011
Jr. Member
 
Total Posts:  2
Joined:  2011-12-08
 
marchman - 21 February 2011 11:51 PM

I had the same problem and was able to resolve this by changing the permissions to the files

magento/app/etc/local.xml

You need to make sure this is not open to the public view. It contains your database access details. These were exposing my link details and password information with a view of everyone.

You need to set the permission to 551 from 777

 
Magento Community Magento Community
Magento Community
Magento Community
 
leefuller
Jr. Member
 
Total Posts:  2
Joined:  2014-03-21
 
angelicakm - 22 May 2011 06:06 AM

Problem solved, hope this helps you too;

Go to the file /etc/apache2/sites-enabled/default

Edit this file changing the following lines:

ServerAdmin
Document Root /yourpathtomagento/

Options FollowSymLinks
Allow Override None (change to AllowOverride All)

Directory /yourpathtomagento/
Options Indexes FollowSymLinks MultiViews
AllowOverride None ( change to AllowOverride All)
Order allow,deny
Deny from all ( change to Allow from all)


Then, don’t forget to restart Apache2.

If you’re running Ubuntu, use the following ssh command:

sudo /etc/init.d/apache2 restart

Refresh your admin page, and I hope it works for you too!

Best regards,
Angelica

Worked for me.

 
Magento Community Magento Community
Magento Community
Magento Community
 
bladerz
Jr. Member
 
Total Posts:  1
Joined:  2012-09-21
 

While nothing from the above solutions (setting AllowOverride to All, chmod, etc.) helped me to get rid of the warning message I finally checked the .htaccess file located in the app folder.
For some reason it allowed access from the local machine. I had to comment the line \"Allow from 127.0.0.1 localhos\”:
Order deny,allow
#Allow from 127.0.0.1 localhost
Deny from all

Problem gone smile

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top
Page 4 of 4