Magento的Apache的配置（应用程序的/ etc /访问那个local.xml警告） [英] Magento Apache configuration (app/etc/local.xml accessible warning)

问题描述

刚做完一台Linux服务器上安装Magento的。

Just finished installing Magento on a Linux server.

当我去Magento的管理面板我可以看到在下面的消息
页面的顶部。

When I go to the Magento "Admin Panel" I can see the following message at the top of the page.

您的Web服务器配置不正确。其结果是，与敏感信息的配置文件是从外部进行访问。请联系您的托管服务提供商。

Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from outside. Please contact your hosting provider.

什么是此错误信息的最可能的原因是什么？

What is the most likely cause for this error message?

谢谢，

约翰Goche

推荐答案

的Magento使用.htaccess文件在不同的目录拒绝访问目录树。你会发现他们的应用程序，媒体，VAR和任何其他地方的Magento认为合适坚持他们。他们不喜欢否认各种事情观看（应用程序，VAR），执行（媒体的.htaccess）。对于这些.htaccess文件工作，它是真正重要的是，下面无论是在文档根目录的.htaccess或虚拟服务器配置进行设置。

Magento uses .htaccess files in various directories to deny access to the directory trees. You will find them in app, media, var, and wherever else Magento sees fit to stick them. They do various things like deny viewing (app, var), executing (media .htaccess). For these .htaccess files to work, it is really important that the following be set in either the doc root .htaccess or in the virtual server configuration.

Options FollowSymLinks
AllowOverride All

更可能的，Magento的检测到的应用程序目录的.htaccess文件没有被允许拒绝您的应用程序的/ etc / local.xml文件，网络接入，让你所有的数据库凭据和加密密钥都可以看到任何一个有网络浏览器。

More than likely, Magento detects that the app directory .htaccess file isn't being allowed to deny network access to your app/etc/local.xml file, so all your database credentials and encryption key are visible to anyone with a web browser.

另一个问题可能是你的文件/目录权限过于宽松。

Another issue might be that your file/directory permissions are too lax.

有关的FastCGI下运行的Magento，SuPHP或LSAPI

For Magento running under FastCGI, SuPHP or LSAPI

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh

有关DSO下运行的Magento（mod_php的）

For Magento running under DSO (mod_php)

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod o+w var var/.htaccess app/etc
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh
chmod -R o+w media

对于下面的问题，应用/ etc文件夹应该已经制定以下.htaccess文件。试图通过服务器来读什么应该抛出一个403错误。下一步是在网络托管商取得联系，找出为什么文件不被兑现。

For the question below, the app/etc folder is supposed to have the following .htaccess file in place. Trying to read anything through the server should throw a 403 error. Your next step is to get in touch with your web hoster to find out why that file is not being honored.

Order deny,allow
Deny from all

注意：如果您使用的是另类的HTTP服务器像nginx的，您必须搜索了所有在Magento的目录树中创建的.htaccess文件，并重新一切都在你的nginx使用的Magento的功能的.htaccess设置让你有相同的文件/目录的保护作为一个标准的Apache DSO安装。同样适用于IIS的Windows安装。

Note: If you are using alternative http servers like nginx, you must search down all of the .htaccess files created in Magento's directory tree and recreate all the .htaccess functions used by Magento in your nginx setups so you have the same file/directory protections as a standard Apache DSO install. Same goes for Windows installations on IIS.

这篇关于Magento的Apache的配置（应用程序的/ etc /访问那个local.xml警告）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！