Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Security: htaccess inside data folder #1700
RainLoop version, browser, OS:
CentOs - Firefox
Expected behavior and actual behavior:
The default content of .htaccess inside is not protecting if the Apache version is 2.4 (modern)
Steps to reproduce the problem:
By default install you will get an alert in the admin panel that alert you the data folder si not secure (readable), the documentation doesn't help to fix this for Apache.
Solution for Apache 2.4 is replace or just add the content inside .htaccess
also the guide should be updated with information about how to solve the issue on Apache.
Seems topic on GitHub and also email to support are no more replied... maybe the owner is busy but i am asking about the security of the product... also maybe will be important consider if there are an issue no one will reply. Maybe... from what I can see. I tried to send an email to support many days ago and no replies, also here on GitHub I cannot see big replies activity.
Sad to see this because the software looks like to be nice and good. I do not know how much secure is.
Two months later, same problem exists in aws instance of Ubuntu 18.04.1 with Apache 2.4. No .htaccess files in community-latest.zip downloaded and installed today. I got around it by adding
in my /etc/apache2/sites-available/000.conf. I could have used .htaccess, I choose to use the conf file instead.