Author Topic: Problems with access rights - config.yml readable via webbrowser  (Read 15304 times)

0 Members and 1 Guest are viewing this topic.

d00msday

  • Jr. Member
  • **
  • Posts: 2
Problems with access rights - config.yml readable via webbrowser
« on: December 16, 2021, 10:47:24 AM »
hello forum,

i am using mibew in the current version in conjunction with an apache webserver on the latest ubuntu version.

my problem is that, despite .htaccess in the mibew folder, i can access the config.yml when i call the whole path from a webbrowser, as an example https://my-site.com/mibew/configs/config.yml

since the config.yml contains access data etc. in plain text, i wonder how i can secure this, so that no one can access this file in the webbrowser.

i already tried to set permissions with chmod, but then the webserver can't access it anymore and the usage doesn't work - also the included .htaccess doesn't seem to help.

what am i doing wrong? where is the error?

thanks for help or ideas!


faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 950
    • Mibew Messenger
Re: Problems with access rights - config.yml readable via webbrowser
« Reply #1 on: December 16, 2021, 12:50:08 PM »
Hi,

1. What about permissions on .htaccess ? Does Apache able to read it?
2. Were there any changes made to stock .htaccess ?
2. Does limits management in .htaccess permitted by Apache configuration? I meanAllowOverride directive here.

And actually this question is related to system administration, not to Mibew Messenger itself.

d00msday

  • Jr. Member
  • **
  • Posts: 2
Re: Problems with access rights - config.yml readable via webbrowser
« Reply #2 on: December 16, 2021, 02:08:50 PM »
thanks for the quick reply, indeed i found an error in the apache config and additionally uploaded the original .htaccess again, although i actually did not make any changes to the file.

sometimes you run into a wall and need someone to give you a push.

it works now, thanks!