Security: htaccess inside data folder #1700

PeopleInside opened this issue May 22, 2018 · 3 comments

commented May 22, 2018

RainLoop version, browser, OS:

CentOS - Firefox

Expected behavior and actual behavior:

The default content of .htaccess inside does not protect if the Apache version is 2.4 (modern).

Steps to reproduce the problem:

With a default install you will get an alert in the admin panel that alerts you the data folder is not secure (readable); the documentation doesn't help to fix this for Apache.

The solution for Apache 2.4 is to replace or just add the content inside .htaccess:

deny from all


Require all denied

Also, the guide should be updated with information about how to solve the issue on Apache.


commented Jun 5, 2018

For what it's worth, when I downloaded it via wget (version 1.12.0), the zip contained no .htaccess files at all.


commented Jun 5, 2018

It seems topics on GitHub and also emails to support are no longer replied to... maybe the owner is busy, but I am asking about the security of the product... also maybe it will be important to consider that if there is an issue, no one will reply. Maybe... from what I can see. I tried to send an email to support many days ago and got no replies; also here on GitHub I cannot see much reply activity.

Sad to see this because the software looks to be nice and good. I do not know how secure it is.


commented Aug 17, 2018

Two months later, the same problem exists on an AWS instance of Ubuntu 18.04.1 with Apache 2.4. No .htaccess files in what I downloaded and installed today. I got around it by adding

  <Directory "/var/www/rainloop/data">
    Require all denied
  </Directory>

in my /etc/apache2/sites-available/000.conf. I could have used .htaccess; I chose to use the conf file instead.
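
Added example, not part of the thread and not RainLoop's shipped files: the two ways of closing off the data folder discussed above, written out in full. The `IfModule` test on `mod_authz_core` and the `AllowOverride` lines are this example's additions; the directory path is the one quoted in the last comment.

```apache
# --- Option 1: data/.htaccess (placed inside the RainLoop data folder) -----
# Honoured only if the server config allows overrides for this directory:
# AllowOverride AuthConfig is needed for Require, AllowOverride Limit for
# Order/Deny. Apache 2.4 defaults to AllowOverride None, in which case this
# file is ignored and the folder stays readable.

# Apache 2.4: access control is provided by mod_authz_core.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2: mod_authz_core does not exist, use the older directives.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# --- Option 2: virtual host / server config (Apache 2.4) -------------------
# Does not depend on any .htaccess being present or being read.
<Directory "/var/www/rainloop/data">
    AllowOverride None
    Require all denied
</Directory>
```

After reloading Apache, a request for any path under the data folder should return 403 Forbidden, and the admin panel warning described in the first comment should no longer appear.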
