KB00007: Prevent Access to the logs directory
PartKeepr stores diagnostic messages in the app/logs directory. As these logs may contain sensitive data, especially usernames and passwords for newly created users, it is important to protect the app/logs directory from unauthorized access.
Setup checks whether it can retrieve the file app/logs/ignore.json from the web; if it can, the directory is exposed.
PartKeepr provides an appropriate .htaccess file to prevent access to the app/logs directory. Since you are reading this KB article, you are either using a different web server or .htaccess file parsing is disabled.
Ways to resolve the problem:
- Configure your web server's root directory to include web/ only. On Apache2, this is accomplished via the DocumentRoot directive.
- Configure your web server to prevent access to
- Configure your Apache2 web server to parse
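The options above as an Apache 2.4 configuration sketch. This is an added example, not configuration shipped by PartKeepr. The install path /var/www/partkeepr and the host name are placeholders, and only one of the three options is needed.

```apache
# Added example. Assumes PartKeepr is unpacked in /var/www/partkeepr
# (placeholder path) and Apache 2.4 (mod_authz_core syntax).

# Option A: serve web/ only, so app/logs is outside the document root
# and has no URL at all.
<VirtualHost *:80>
    # Placeholder host name
    ServerName partkeepr.example.org
    DocumentRoot "/var/www/partkeepr/web"

    <Directory "/var/www/partkeepr/web">
        Require all granted
    </Directory>
</VirtualHost>

# Option B: the document root has to stay at the install root.
# Deny every request below app/logs in the server configuration,
# which works whether or not .htaccess files are parsed.
<Directory "/var/www/partkeepr/app/logs">
    Require all denied
</Directory>

# Option C: the document root stays at the install root and the
# .htaccess file provided by PartKeepr should take effect.
# "AllowOverride None" makes Apache ignore .htaccess files entirely;
# "All" permits every directive class. A narrower class list is
# possible once you know which directives the shipped file uses.
<Directory "/var/www/partkeepr">
    AllowOverride All
</Directory>
```

After reloading Apache, a request for app/logs/ignore.json, the file the setup check retrieves, should no longer succeed.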
Please note that due to the large number of web servers, environments and hosting providers, the PartKeepr team cannot provide free support. Please contact your provider on how to make the required web server configurations or use the support forums of your web server project.