-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add .htpasswd to banned locations in nginx config #34388
Add .htpasswd to banned locations in nginx config #34388
Conversation
Hi @marvinhinz. Thank you for your contribution
❗ Automated tests can be triggered manually with an appropriate comment:
You can find more information about the builds here ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review. For more details, please, review the Magento Contributor Guide documentation. 🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket. 🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
Hi @ihor-sviziev, thank you for the review. |
@magento run all tests |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
Hi @marvinhinz and @ihor-sviziev |
@magento run Functional Tests B2B, Functional Tests CE, Functional Tests EE |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
@magento run Functional Tests B2B, Functional Tests CE, Functional Tests EE |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
@magento run Functional Tests CE |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
2 similar comments
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
@magento run Functional Tests CE |
Hi @ihor-sviziev, thank you for the review. |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
1 similar comment
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
This is expected result
…On Mon, 17 Jan 2022 at 09:40 Aanchal Pawar ***@***.***> wrote:
@ihor-sviziev <https://github.com/ihor-sviziev>
I have created a file .htpaswrd / .htaccess in pub folder of magento
2.4-develop and We are not able to access it from web browser
[image: Screenshot 2022-01-14 at 2 30 27 PM]
<https://user-images.githubusercontent.com/97873570/149726935-ee54ab13-8c71-466b-ade8-d21b47129be5.png>
—
Reply to this email directly, view it on GitHub
<#34388 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAOJOUJSWVQFKEVUBQQBGBTUWPBXRANCNFSM5GJGN54A>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Hi @ihor-sviziev , @marvinhinz , @hostep and @andrewbess We have just followed the below given steps:
As per the above comments and descriptions, I have to expect the issue where we should be able to access the created files. But there is no issue as such prior pulling the PR changes, because the files are not accessible as shown the below screenshot. Kindly recommend us if we have to change in our execution procedure. cc: @engcom-Dash |
@magento create issue |
Description (*)
The nginx config file contains a section that catches and blocks requests that dont match the other blocks. If the .htaccess is blocked, it just seems logical to exclude the .htpasswd too because of sensitive data.
Sometimes nginx is used in front of apache as a reverse proxy, so it is possible for apache config files to exist.
Related Pull Requests
Fixed Issues (if relevant)
Manual testing scenarios (*)
Questions or comments
Contribution checklist (*)
Resolved issues: