Open grandpaslab opened 2 years ago
@grandpaslab Thanks for reporting this issue. I'm not sure if it would be easy to automatically handle such specific setups correctly.
In your case maybe it makes more sense to simply disable the diagnostic check by setting the config value enable_required_directories_diagnostic
Expected Behavior
No error when /config, /tmp, etc. are not accessible through the browser
Current Behavior
False-positive "required private directories" error in System Check when access to /config, etc. is prohibited, but app is behind SAML auth w/ LoginLdap's web server auth enabled.
Possible Solution
System Check should only show the "required private directories" error if the requested directories/files are returned.
Steps to Reproduce (for Bugs)
Context
I'm running Matomo with the LoginLdap plugin for user management, and using Okta SAML auth via mod_auth_mellon (Apache) to set REMOTE_USER. mod_auth_mellon redirects to an Okta login page. Presumably the system check is assuming any 200 response means the requested file (/config/config.ini.php, etc.) is exposed through the web.
Your Environment