[TYPO3-english] Filelist Error by hiding fileadmin
Michael Schams
typo3.lists at 2014.trash.schams.net
Thu Mar 13 03:38:17 CET 2014
On 2014-03-13 11:46, Mike Kane wrote:
> Recently i just realized that "fileadmin" folder was accessible
> through the browser by going "http://mywebsite.com/fileadmin"
By "accessing", you mean everyone can see files and directories
and browse through the file system, right?
> so i tried to hide it in cPanel using "Index Manager", where i changed
> the
> CHMOD of the folder to CHMOD 711 (default was 755), which means i
> removed the read properties from "Group" and "World"
Depending on the setup of your server, you should allow at least the
group to access the directory (enter the directory), which means,
chmod 755 or chmod 750 may be required.
But in most cases, chmod 755 should be perfectly fine and you
probably want to address this issue in a different way: disable
"Directory Indexing".
You will find detailed information about this in the official TYPO3
Security Guide (chapter "Guidelines for System Administrators", section
"Directory indexing"):
http://docs.typo3.org/typo3cms/SecurityGuide/
This is a configuration of your web server, so you possibly want to
check the web server section in cPanel (e.g. Apache).
> In a desperate solution, i changed again the CHMOD of the folder to
> the default status, but the errors remain...
Ensure, you really have changed the permissions back of all folders,
and clear TYPO3's cache (just in case).
Cheers
Michael
More information about the TYPO3-english
mailing list