Topic: Problems with access rights - config.yml readable via webbrowser

[d00msday]

hello forum,

i am using mibew in the current version in conjunction with an apache webserver on the latest ubuntu version.

my problem is that, despite .htaccess in the mibew folder, i can access the config.yml when i call the whole path from a webbrowser, as an example https://my-site.com/mibew/configs/config.yml

since the config.yml contains access data etc. in plain text, i wonder how i can secure this, so that no one can access this file in the webbrowser.

i already tried to set permissions with chmod, but then the webserver can't access it anymore and the usage doesn't work - also the included .htaccess doesn't seem to help.

what am i doing wrong? where is the error?

thanks for help or ideas!

[faf]

Hi,

1. What about permissions on .htaccess ? Does Apache able to read it?
2. Were there any changes made to stock .htaccess ?
2. Does limits management in .htaccess permitted by Apache configuration? I meanAllowOverride directive here.

And actually this question is related to system administration, not to Mibew Messenger itself.

[d00msday]

thanks for the quick reply, indeed i found an error in the apache config and additionally uploaded the original .htaccess again, although i actually did not make any changes to the file.

sometimes you run into a wall and need someone to give you a push.

it works now, thanks!