Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
Data directory post is not properly secured
Avatar
Wolfling #1
Member for a week · 2 posts
Group memberships: Members
Show profile · Link to this post
Subject: Data directory post is not properly secured
Good day to all!
I decided to try DokuWiki instead of MediaWiki, but a problem with security appeared.
I sent files by FTP on my shared hosting in the subfolder "d", and renamed htaccess, but I can see text by the link
http://yourserver.com/data/pages/wiki/dokuwiki.txt
There are warning in the admin panel about "it seems your data directory is not properly secured". I didn't change any information after installation. I looked for any information in Google, but no one from advices didn't help me. It's look like as the system does not see the file htaccess in the subfolder "data". May be it's possible to fix this issue?

I can provide any additional information for solving this problem.
Avatar
schplurtz (Moderator) #2
Member since Nov 2009 · 493 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Show profile · Link to this post
Hi,
Which htaccess files did you rename ?
For your security problem, there is a default .htaccess file in the data folder.
Do not modify this file, it is perfectly fine.

Now, if this .htaccess is ignored by the webserver, it obviously can't protect your site
and you have to find other ways. This unfortunate situation is dokumented.
See https://www.dokuwiki.org/security#rename_data_directory

1) For example, with FTP rename data to irohgh7Iedae6joht0ahl6
2) with FTP (because at this time DW is broken) edit conf/local.php,
    add the setting :
    $conf['savedir']     = './irohgh7Iedae6joht0ahl6';
Avatar
Wolfling #3
Member for a week · 2 posts
Group memberships: Members
Show profile · Link to this post
Thank's a lot for your answer!

I renamed '.htaccess.dist' to '.htaccess'.

According to your advice I renamed folder 'data'.

I wrote a letter to host-provider about this problem. This problem appered because hoster uses nginx for static files and apache for others.
Avatar
schplurtz (Moderator) #4
Member since Nov 2009 · 493 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Show profile · Link to this post
I renamed '.htaccess.dist' to '.htaccess'.
I understand. That's OK, but probably useless too, unfortunately.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-11-12, 05:51:43 (UTC +01:00)