Linux Magento Apache 配置(app/etc/local.xml 可访问警告)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11492039/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Magento Apache configuration (app/etc/local.xml accessible warning)
提问by John Goche
Just finished installing Magento on a Linux server.
刚刚在 Linux 服务器上安装了 Magento。
When I go to the Magento "Admin Panel" I can see the following message at the top of the page.
当我转到 Magento“管理面板”时,我可以在页面顶部看到以下消息。
Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from outside. Please contact your hosting provider.
您的 Web 服务器配置不正确。因此,可以从外部访问带有敏感信息的配置文件。请联系您的托管服务提供商。
What is the most likely cause for this error message?
出现此错误消息的最可能原因是什么?
Thanks,
谢谢,
John Goche
约翰·戈什
采纳答案by Fiasco Labs
Magento uses .htaccess files in various directories to deny access to the directory trees. You will find them in app, media, var, and wherever else Magento sees fit to stick them. They do various things like deny viewing (app, var), executing (media .htaccess). For these .htaccess files to work, it is really important that the following be set in either the doc root .htaccess or in the virtual server configuration.
Magento 使用各种目录中的 .htaccess 文件来拒绝对目录树的访问。您可以在应用程序、媒体、var 以及 Magento 认为适合粘贴它们的任何其他地方找到它们。他们做各种各样的事情,比如拒绝查看(app、var)、执行(media .htaccess)。为了使这些 .htaccess 文件工作,在文档根目录 .htaccess 或虚拟服务器配置中设置以下内容非常重要。
Options FollowSymLinks
AllowOverride All
More than likely, Magento detects that the app directory .htaccess file isn't being allowed to deny network access to your app/etc/local.xml file, so all your database credentials and encryption key are visible to anyone with a web browser.
更有可能的是,Magento 检测到应用目录 .htaccess 文件不允许拒绝网络访问您的 app/etc/local.xml 文件,因此任何拥有 Web 浏览器的人都可以看到您的所有数据库凭据和加密密钥。
Another issue might be that your file/directory permissions are too lax.
另一个问题可能是您的文件/目录权限太宽松。
For Magento running under FastCGI, SuPHP or LSAPI
适用于在 FastCGI、SuPHP 或 LSAPI 下运行的 Magento
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh
For Magento running under DSO (mod_php)
对于在 DSO (mod_php) 下运行的 Magento
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod o+w var var/.htaccess app/etc
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh
chmod -R o+w media
For the question below,the app/etc folder is supposed to have the following .htaccess file in place. Trying to read anything through the server should throw a 403 error. Your next step is to get in touch with your web hoster to find out why that file is not being honored.
对于下面的问题,app/etc 文件夹应该有以下 .htaccess 文件。尝试通过服务器读取任何内容都会引发 403 错误。您的下一步是与您的网络托管服务商取得联系,以找出该文件未获批准的原因。
Order deny,allow
Deny from all
Note:If you are using alternative http servers like nginx, you must search down all of the .htaccess files created in Magento's directory tree and recreate all the .htaccess functions used by Magento in your nginx setups so you have the same file/directory protections as a standard Apache DSO install. Same goes for Windows installations on IIS.
注意:如果您使用替代的 http 服务器,例如 nginx,您必须搜索在 Magento 目录树中创建的所有 .htaccess 文件,并在您的 nginx 设置中重新创建 Magento 使用的所有 .htaccess 函数,以便您拥有相同的文件/目录保护作为标准的 Apache DSO 安装。IIS 上的 Windows 安装也是如此。
回答by Andre Nickatine
The app/etc/local.xml file needs to be chmodded to 600 and the error will go away ;)
app/etc/local.xml 文件需要修改为 600,错误就会消失;)
回答by Brijmohan karadia
1.Add following in httpd.conf.
1.在httpd.conf中添加以下内容。
<Directory "/var/www/html/app/etc">
Options FollowSymLinks
AllowOverride All
</Directory>
set permission from ftp to local.xml =>600
sudo /etc/init.d/httpd restart
sudo /etc/init.d/httpd reload
将权限从 ftp 设置为 local.xml =>600
sudo /etc/init.d/httpd restart
sudo /etc/init.d/httpd reload
回答by PiTheNumber
Magento checks if /app/etc/local.xml
is accessible (using curl). You can try it yourself in the browser to verify.
Magento 检查是否/app/etc/local.xml
可以访问(使用 curl)。您可以在浏览器中自行尝试验证。
To fix this you have make sure this file is not visible anymore. How you do that depends on your webserver. Magento ships with a .htaccess
to prevent the access but you might have copied the folders without the hidden files. cp
does not copy them. Or apache can not access .htaccess
check file permissions.
要解决此问题,您必须确保该文件不再可见。您如何做到这一点取决于您的网络服务器。Magento 附带一个.htaccess
以防止访问,但您可能复制了没有隐藏文件的文件夹。cp
不复制它们。或者apache无法访问.htaccess
检查文件权限。
回答by Daly Design
I tried all the above and none worked on our web hosting. "AllowOverride All" would not work on our vhosts.conf and as a result, "Deny from all" was being ignored.
我尝试了上述所有方法,但没有一个适用于我们的网络托管。“AllowOverride All”在我们的 vhosts.conf 上不起作用,因此,“Deny from all”被忽略。
Add this code to .htaccess and it works a charm...
将此代码添加到 .htaccess 中,它很有魅力......
##### Block access to local.xml #####
RewriteRule ^(.*)local.xml$ - [F,L]
回答by A B M Mehedi Hasan
I solved this problem by following these steps:
我按照以下步骤解决了这个问题:
Confirm that there is an .htaccess file in the app subdirectory of the Magento installation. If the .htaccess file is missing, create a new .htaccess file in the app subdirectory that contains the following directives:
确认 Magento 安装的 app 子目录中有一个 .htaccess 文件。如果 .htaccess 文件丢失,请在包含以下指令的 app 子目录中创建一个新的 .htaccess 文件:
Order deny,allow
Deny from all
Confirm that file permissions are set correctly. Generally, directories should have permissions set to 755 (read, write, and execute permissions for the user, and read and execute permissions for the group and world). Files should have permissions set to 644 (read and write permissions for the user, and read permissions for the group and world).
确认文件权限设置正确。通常,目录的权限应该设置为 755(用户的读取、写入和执行权限,以及组和世界的读取和执行权限)。文件的权限应该设置为 644(用户的读写权限,以及组和世界的读取权限)。
Please change the .htaccess file permission to 644 then refresh the magento admin page.
请将 .htaccess 文件权限更改为 644,然后刷新 magento 管理页面。
回答by Arunprasath D
@Brijmohan karadia and @Spudley
@Brijmohan karadia 和 @Spudley
Your solution worked. I am using AWS Linux for Magento installation.
您的解决方案有效。我正在使用 AWS Linux 进行 Magento 安装。
Go to /etc/httpd/conf/httpd.conf
Add following in httpd.conf.
Options FollowSymLinks AllowOverride All
转到/etc/httpd/conf/httpd.conf
在 httpd.conf 中添加以下内容。
选项 FollowSymLinks AllowOverride All
3.set permission from SSH/FTP to local.xml =>600 in the file path /app/etc/local.xml
3.在文件路径/app/etc/local.xml中将SSH/FTP权限设置为local.xml =>600
- sudo service httpd restart
- 须藤服务 httpd 重启