Magento - Error: "Your web server is configured incorrectly." - Installation Problems - eCommerce Software for Growth

Log In

Username or Email

Password:

Forgot Password

or
Register

Skip to site navigation »
Skip to main content »
Skip to footer content »

Magento Forum

Error: “Your web server is configured incorrectly.”

00Dante Total Posts: 5 Joined: 2011-01-09 Ignore user	Well, this my first time installing Magento. Using Magento ver. 1.4.2.0 I made it through, and everything seems to of worked fine - except I get this error: “Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.” Here is a screen shot: http://qkpic.com/3917d The error doesn’t seem to prevent anything from working properly - it’s just a little scary sounding. What should I do? I installed via the full version and not the autodownloader thing. Also, I didn’t install in the root directory, I installed in a directory called /store Image Attachments Click thumbnail to see full-size image
	Posted: January 10 2011 \| top

00Dante Total Posts: 5 Joined: 2011-01-09 Ignore user	Looks like it comes from this file: http://svn.magentocommerce.com/source/branches/1.4-trunk/app/design/adminhtml/default/default/template/notification/security.phtml So what triggers this?!
	Posted: January 10 2011 \| top \| # 1

Justin Total Posts: 3 Joined: 2010-12-20 Minneapolis Ignore user	I think you get problem in security setting. So, check it back and re- configure it to be sure that meet all requirements. Signature Minneapolis Internet Marketing \| Web Design Price \| Minnesota SEO
	Posted: January 10 2011 \| top \| # 2

Insolo Total Posts: 11 Joined: 2010-04-26 Ignore user	dwspro - 09 January 2011 07:03 PM I think you get problem in security setting. So, check it back and re- configure it to be sure that meet all requirements. Genious answer.
	Posted: January 12 2011 \| top \| # 3

jalker Total Posts: 15 Joined: 2011-01-12 Ignore user	I am having the same error message… and installed it the same way. Did you find a fix for it?
	Posted: January 13 2011 \| top \| # 4

Mageex Total Posts: 9 Joined: 2010-09-08 Ignore user	Where dis you install? I mean how is your server environment? Signature extend your ecommerce - http://www.mageex.com
	Posted: January 13 2011 \| top \| # 5

agenti Total Posts: 4 Joined: 2009-12-27 Ignore user	Magento is using .htaccess files to protect certiain files and directories. (ex. /app and everything underneath it) If you’re running Apache, check in your (virtual)server configuration, if overriding from .htaccess files is allowed. Setting AllowOverride to All should make the warning disappear. --- config snippet --- <Directory /> Options FollowSymLinks AllowOverride All </Directory> --- end ---
	Posted: January 14 2011 \| top \| # 6

awsom Total Posts: 3 Joined: 2011-01-11 Ignore user	I have the same problem. When im going to install (webbased) on my apache2 server. I use the following commands: `find . -type f -exec chmod 644 {} \; find . -type d -exec chmod 777 {} \;` Than after installation, I get the message that it isnot secure etc.etc. WHAT chmod do i have to use after the installation?? I can access http://192.168.1.3/magento/app/etc/local.xml with my browser… I cant find a simple answer to use what chmods etc for what directory… Mmm. I changed the following in /etc/apache2/sites-enabled/000-default `Documentroot /var/www <Directory /> Options FollowSymLinks AllowOverride [b]All[/b] </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride [b]All[/b] Order allow,deny allow from all </directory>` Do I have to set both AllowOverride from None to All or just one? Thanks.
	Posted: January 14 2011 \| top \| # 7

webrup Total Posts: 7 Joined: 2010-10-27 Ignore user	Make sure in your Apache config for this directory is set to: AllowOverride All And I noticed that I forgot to add the symlink to the “sites-enabled” directory for apache, to make sure the config is used. After that, my error went away. Good luck.
	Posted: January 18 2011 \| top \| # 8

Seth Rogers Total Posts: 2 Joined: 2009-08-01 Ignore user	Hi there. I’m new in magento. I strart with 1.4.2 and i got problem. It shows me this same error. SORRY FOR MY ENGLISH. i had hope you will understand me Help Me !!!! I dont have acces to my server conf so i cant change anything in there. the only thing i can change is .htaccess file. Can enyone help me do this. I put here what i got i my .htaccess. if this will work and anyone can change this for me in this file. Will be great and you save my life. ############################################ ## uncomment these lines for CGI mode ## make sure to specify the correct cgi php binary file name ## it might be /cgi-bin/php-cgi # Action php5-cgi /cgi-bin/php5-cgi # AddHandler php5-cgi .php ############################################ ## GoDaddy specific options # Options -MultiViews ## you might also need to add this line to php.ini ## cgi.fix_pathinfo = 1 ## if it still doesn't work, rename php.ini to php5.ini ############################################ ## this line is specific for 1and1 hosting #AddType x-mapp-php5 .php #AddHandler x-mapp-php5 .php ############################################ ## default index file DirectoryIndex index.php <IfModule mod_php5.c> ############################################ ## adjust memory limit # php_value memory_limit 64M php_value memory_limit 128M php_value max_execution_time 18000 ############################################ ## disable magic quotes for php request vars php_flag magic_quotes_gpc off ############################################ ## disable automatic session start ## before autoload was initialized php_flag session.auto_start off ############################################ ## enable resulting html compression php_flag zlib.output_compression on ########################################### # disable user agent verification to not break multiple image upload php_flag suhosin.session.cryptua off ########################################### # turn off compatibility with PHP4 when dealing with objects php_flag zend.ze1_compatibility_mode Off </IfModule> <IfModule mod_security.c> ########################################### # disable POST processing to not break multiple image upload SecFilterEngine Off SecFilterScanPOST Off </IfModule> <IfModule mod_deflate.c> ############################################ ## enable apache served files compression ## http://developer.yahoo.com/performance/rules.html#gzip # Insert filter on all content ###SetOutputFilter DEFLATE # Insert filter on selected content types only #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript # Netscape 4.x has some problems... #BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 have some more problems #BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE masquerades as Netscape, but it is fine #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # Don't compress images #SetEnvIfNoCase Request_URI \.(?:gif\|jpe?g\|png)$ no-gzip dont-vary # Make sure proxies don't deliver the wrong content #Header append Vary User-Agent env=!dont-vary </IfModule> <IfModule mod_ssl.c> ############################################ ## make HTTPS env vars available for CGI mode SSLOptions StdEnvVars </IfModule> <IfModule mod_rewrite.c> ############################################ ## enable rewrites Options +FollowSymLinks RewriteEngine on ############################################ ## you can put here your magento root folder ## path relative to web root #RewriteBase /magento/ ############################################ ## workaround for HTTP authorization ## in CGI environment RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] ############################################ ## always send 404 on missing files in these folders RewriteCond %{REQUEST_URI} !^/(media\|skin\|js)/ ############################################ ## never rewrite for existing files, directories and links RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l ############################################ ## rewrite everything else to index.php RewriteRule .* index.php [L] </IfModule> ############################################ ## Prevent character encoding issues from server overrides ## If you still have problems, use the second line instead AddDefaultCharset Off #AddDefaultCharset UTF-8 <IfModule mod_expires.c> ############################################ ## Add default Expires header ## http://developer.yahoo.com/performance/rules.html#expires ExpiresDefault "access plus 1 year" </IfModule> ############################################ ## By default allow all access Order allow,deny Allow from all ############################################ ## If running in cluster environment, uncomment this ## http://developer.yahoo.com/performance/rules.html#etags #FileETag none agenti - 14 January 2011 04:53 AM Magento is using .htaccess files to protect certiain files and directories. (ex. /app and everything underneath it) If you’re running Apache, check in your (virtual)server configuration, if overriding from .htaccess files is allowed. Setting AllowOverride to All should make the warning disappear. --- config snippet --- <Directory /> Options FollowSymLinks AllowOverride All </Directory> --- end ---
	Posted: January 22 2011 \| top \| # 9

loopion Total Posts: 24 Joined: 2010-02-11 New York Ignore user	Here is what save my life on this subject: <Directory /var/www/> Options FollowSymLinks AllowOverride All Order allow,deny allow from all </Directory>
	Posted: April 29 2011 \| top \| # 10

g0ldstein Total Posts: 36 Joined: 2009-02-15 Ignore user	What I get after adding this to the root htaccess of Magento is a “Not found” page. Solution anyone? Signature Guy Labbé, graphic designer from Quebec. Check out my blog, I write a bit about Magento! Sinon, tu aimes les bonbons? On en vend tout pleins chez Candide, la confiserie fine en ligne. Attention, pas de la marchandise en vrac, mais bien de la haute qualité, voire du luxe! Ou encore, envie de recettes de desserts? Le blogue de Candide.ca t’en propose plein plein plein…
	Posted: May 7 2011 \| top \| # 11

SimpleHelix.com Total Posts: 905 Joined: 2007-08-31 Huntsville, AL Ignore user	Hello, This usually happens if app/etc/local.xml is set to 777 or is readable in the browser. I would recommend setting its permissions to 640 or 644, and making sure that your .htaccess files are intact. Signature █ SimpleHelix, LLC █ A World-Class Magento Web Hosting company - Providing scalable, reliable, and secure enterprise hosting solutions █ The creators of super-fast performance hosting. Find out more @ http://www.SimpleHelix.com
	Posted: May 9 2011 \| top \| # 12

g0ldstein Total Posts: 36 Joined: 2009-02-15 Ignore user	thanks, but i verified this details and all is ok on that side ... I keep having the message :( Signature Guy Labbé, graphic designer from Quebec. Check out my blog, I write a bit about Magento! Sinon, tu aimes les bonbons? On en vend tout pleins chez Candide, la confiserie fine en ligne. Attention, pas de la marchandise en vrac, mais bien de la haute qualité, voire du luxe! Ou encore, envie de recettes de desserts? Le blogue de Candide.ca t’en propose plein plein plein…
	Posted: May 9 2011 \| top \| # 13

SimpleHelix.com Total Posts: 905 Joined: 2007-08-31 Huntsville, AL Ignore user	Hello, I’m curious - have you tried 1.5.1.0? I would say another version might not exhibit the same behavior; perhaps it’s worth a try. Signature █ SimpleHelix, LLC █ A World-Class Magento Web Hosting company - Providing scalable, reliable, and secure enterprise hosting solutions █ The creators of super-fast performance hosting. Find out more @ http://www.SimpleHelix.com
	Posted: May 11 2011 \| top \| # 14

angelicakm Total Posts: 27 Joined: 2011-03-29 Ignore user	Hi, I am struggling with this issue as well. I am running Magento version 1.5.1.0, so that’s not a version problem. I am not sure if this message is due to wrong file permission settings, if it’s due to apache2.conf configuration, or sites-enabled/default configuration, or .httpd file configuration. By the way, I’ve tried multiple changes to all of them, and nothing worked. I’m not experient at all with apache server configuration, do anyone have a clue how this can be fixed?? I’ve set on apache2.conf “AllowOverride All” for .httpd. My httpd.conf file is empty. On sites-enabled/default file, everything is set, in this moment, to “AllowOverride None” ( I’ve tried MULTIPLE configurations, now I left it as it is, until someone can put a light on this subject...) My permissions for app/etc, media and var are set to 777. The rest of the files and directories are set to 755. I didn’t find anywhere a tutorial explaining which are the right permissions, when I set them to 6xx, 655 etc, Magento stops working. Thanks! Signature Loja de Materiais, Papéis, Tecidos e Ferramentas para Scrapbook, Patchwork, Artesanato e Belas Artes- La Nuance
	Posted: May 15 2011 \| top \| # 15

Magento Community

Magento Community

Back to top

Sample data reviews count