KB00007:Prevent Access to the logs directory

From PartKeepr Wiki
Revision as of 17:37, 13 January 2016 by Felicitus (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

PartKeepr stores diagnostic messages in the app/logs directory. As these logs may contain sensitive data, especially username/passwords for newly created users, it is important to protect the app/logs directory from unauthorized access.

Setup checks if it can retrieve the file app/logs/ignore.json from the web.

PartKeepr provides an appropriate .htaccess file to prevent access to the app/logs directory. Since you are reading this KB article, you are using a different web server or .htaccess file parsing is disabled.

Ways to resolve the problem:

  • Configure your web server's root directory to include web/ only. On Apache2, this is accomplished via the DocumentRoot directive.
  • Configure your web server to prevent access to app/logs
  • Configure your apache2 web server to parse .htaccess files

Please note that due to the various numbers of web servers, environments and hosting providers, the PartKeepr team cannot provide free support. Please contact your provider on how to make the required webserver configurations or use the support forums of your web server project.