data/VERSION file and "client denied by server configuration" log - Fail2Ban problem

[sbrodriguez]

Hello everybody.

I have Rainloop version 1.13.0 installed in Apache2 version 2.4.25 in Debian.

The documentation contains that "data" folder shouldn't be accesible from Internet, as you can see here https://www.rainloop.net/docs/installation/#notice

I create the .htaccess file denying access to data folder, and now I change this config to apache conf file with this lines:

  <Directory "/var/www/html/rainloop/data/" >
    Require all denied
  </Directory>

But the result is allways the same, the Apache2 error log allways shows:

[Mon Sep 30 13:25:41.547907 2019] [access_compat:error] [pid 654] [client 212.89.2.250:6228] AH01797: client denied by server configuration: /var/www/html/rainloop/data/VERSION, referer: https://xxx/?admin

All directories and files permissions are Ok, as the documentation says, and I haven't problem when I click on "about" menu, showing the current version of the software.

But this vehaviur affects the fail2ban filters, because Apache filter has the same line that I have shown some lines before:

failregex = ^%(_apache_error_client)s (AH(01797|01630): )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$

Fail2ban allows create a whitelist in where add IP addressess, but it is not effective at all.

Is neccesary another Apache configuration??? if it is not possible, could you fix this issue or tell me something wrong in my config, please???

Thanks in advance.
Regards

[the-djmaze]

dev/Stores/Admin/App.js

Remove the if (settingsGet('Auth')) { ... } part