Magento Apache 配置(app/etc/local.xml 可访问警告) [英] Magento Apache configuration (app/etc/local.xml accessible warning)

问题描述

刚刚在 Linux 服务器上安装了 Magento.

Just finished installing Magento on a Linux server.

当我进入 Magento管理面板"时，我可以在页面顶部.

When I go to the Magento "Admin Panel" I can see the following message at the top of the page.

您的网络服务器配置不正确.因此，可以从外部访问带有敏感信息的配置文件.请联系您的托管服务提供商.

Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from outside. Please contact your hosting provider.

出现此错误消息的最可能原因是什么?

What is the most likely cause for this error message?

谢谢，

约翰·戈什

推荐答案

Magento 在各种目录中使用 .htaccess 文件来拒绝对目录树的访问.您可以在应用程序、媒体、var 以及 Magento 认为适合粘贴它们的任何其他地方找到它们.他们做各种各样的事情，比如拒绝查看(app、var)、执行(media .htaccess).要使这些 .htaccess 文件正常工作，在文档根目录 .htaccess 或虚拟服务器配置中进行以下设置非常重要.

Magento uses .htaccess files in various directories to deny access to the directory trees. You will find them in app, media, var, and wherever else Magento sees fit to stick them. They do various things like deny viewing (app, var), executing (media .htaccess). For these .htaccess files to work, it is really important that the following be set in either the doc root .htaccess or in the virtual server configuration.

Options FollowSymLinks
AllowOverride All

很有可能，Magento 检测到应用目录 .htaccess 文件不被允许拒绝对您的应用程序/etc/local.xml 文件的网络访问，因此您的所有数据库凭据和加密密钥对任何拥有网络浏览器.

More than likely, Magento detects that the app directory .htaccess file isn't being allowed to deny network access to your app/etc/local.xml file, so all your database credentials and encryption key are visible to anyone with a web browser.

另一个问题可能是您的文件/目录权限太松.

Another issue might be that your file/directory permissions are too lax.

对于在 FastCGI、SuPHP 或 LSAPI 下运行的 Magento

For Magento running under FastCGI, SuPHP or LSAPI

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh

对于在 DSO (mod_php) 下运行的 Magento

For Magento running under DSO (mod_php)

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod o+w var var/.htaccess app/etc
chmod 550 pear #for Magento pre 1.5
chmod 550 mage #for Magento 1.5 and up
chmod 550 cron.sh
chmod -R o+w media

对于下面的问题， app/etc 文件夹应该有以下 .htaccess 文件.尝试通过服务器读取任何内容都会引发 403 错误.您的下一步是与您的网络托管服务商联系，以找出该文件未获批准的原因.

For the question below, the app/etc folder is supposed to have the following .htaccess file in place. Trying to read anything through the server should throw a 403 error. Your next step is to get in touch with your web hoster to find out why that file is not being honored.

Order deny,allow
Deny from all

注意:如果你使用像 nginx 这样的替代 http 服务器，你必须搜索在 Magento 目录树中创建的所有 .htaccess 文件，并在你的 nginx 中重新创建 Magento 使用的所有 .htaccess 函数设置，以便您拥有与标准 Apache DSO 安装相同的文件/目录保护.在 IIS 上安装 Windows 也是如此.

Note: If you are using alternative http servers like nginx, you must search down all of the .htaccess files created in Magento's directory tree and recreate all the .htaccess functions used by Magento in your nginx setups so you have the same file/directory protections as a standard Apache DSO install. Same goes for Windows installations on IIS.

这篇关于Magento Apache 配置(app/etc/local.xml 可访问警告)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！