EHCanadian closed 5 years ago
The file is actually there under data directory, which should be sufficient. Thank you.
.htaccess files work on a per-directory basis. While /data/.htaccess exists, /data/settings/settings.xml can be viewed directly since it does not contain a .htaccess file.
By default, unless that's explicitly reconfigured on the webserver that way, .htaccess applies to the current directory and all subdirectories. But we believe there's no harm in placing the file into the settings/ subdirectory as well.
Add `Deny from all`. Without this file present, anyone can view the database settings located in settings.xml & settings.xml.bak. Though Apache 2.4 will Error 500 because of the directive changes, it's a better solution than allowing HTTP access to the contents.
Likely to be abused by exploit crawlers
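An added example, not part of the thread or the project's own files: an .htaccess that denies all HTTP access on both Apache 2.2 and 2.4 by selecting the directive set the running server supports. Placing it in both data/ and data/settings/ is an assumption taken from the discussion above.

```apache
# Added example: data/.htaccess (and, as a second layer, data/settings/.htaccess).
# Blocks all HTTP access to settings.xml, settings.xml.bak and anything else
# in this directory tree.

# Apache 2.4 and later: mod_authz_core provides the "Require" directive.
# Needs "AllowOverride AuthConfig" (or All) in the server configuration.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2: mod_authz_core does not exist, so fall back to the legacy
# access-control directives. Needs "AllowOverride Limit" (or All).
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>

# If the server configuration sets "AllowOverride None" for this path,
# .htaccess files are ignored entirely and neither block takes effect.
# In that case the same "Require all denied" rule belongs in a
# <Directory> block in the server or virtual-host configuration.
```

After deploying, a request for /data/settings/settings.xml should return 403; a 200 means the .htaccess file is not being honoured.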