Difference between revisions of "KB00007:Prevent Access to the logs directory"
(Created page with "PartKeepr stores diagnostic messages in the <code>app/logs</code> directory. As these logs may contain sensitive data, especially username/passwords for newly created users, i...") |
|||
Line 11: | Line 11: | ||
Please note that due to the various numbers of web servers, environments and hosting providers, the PartKeepr team cannot provide free support. Please contact your provider on how to make the required webserver configurations or use the support forums of your web server project. | Please note that due to the various numbers of web servers, environments and hosting providers, the PartKeepr team cannot provide free support. Please contact your provider on how to make the required webserver configurations or use the support forums of your web server project. | ||
+ | |||
+ | [[Category:Knowledge Base]] |
Latest revision as of 17:37, 13 January 2016
PartKeepr stores diagnostic messages in the app/logs
directory. As these logs may contain sensitive data, especially username/passwords for newly created users, it is important to protect the app/logs
directory from unauthorized access.
Setup checks if it can retrieve the file app/logs/ignore.json
from the web.
PartKeepr provides an appropriate .htaccess
file to prevent access to the app/logs
directory. Since you are reading this KB article, you are using a different web server or .htaccess
file parsing is disabled.
Ways to resolve the problem:
- Configure your web server's root directory to include
web/
only. On Apache2, this is accomplished via the DocumentRoot directive. - Configure your web server to prevent access to
app/logs
- Configure your apache2 web server to parse
.htaccess
files
Please note that due to the various numbers of web servers, environments and hosting providers, the PartKeepr team cannot provide free support. Please contact your provider on how to make the required webserver configurations or use the support forums of your web server project.