1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Securing XenForo directories

Discussion in 'XenForo Questions and Support' started by Sharkodile, Mar 12, 2015.

  1. Sharkodile

    Sharkodile Member

    I have password protected the install folder and admin.php/admindav.php files. My question is, does the same need to be done to data, internal_data, js and library?

    Should be worried about people trying to access files in these directories by typing in, say, "<url>/library/config.php"?
  2. Mike

    Mike XenForo Developer Staff Member

    The out of the box configuration (for Apache) blocks all access to the library and internal_data directories. (The friendly URL config for Nginx also blocks them.)

    Your data and js directories need to be accessible though.
    Sharkodile likes this.

Share This Page