XF 1.4 Securing XenForo directories

S

Sharkodile

Member
I have password protected the install folder and admin.php/admindav.php files. My question is, does the same need to be done to data, internal_data, js and library?

Should be worried about people trying to access files in these directories by typing in, say, "<url>/library/config.php"?
 
Sort by date Sort by votes
The out of the box configuration (for Apache) blocks all access to the library and internal_data directories. (The friendly URL config for Nginx also blocks them.)

Your data and js directories need to be accessible though.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

R
backup of important directories in /data and /internal_data
Replies
11
Views
796
⭐ Alex ⭐
⭐ Alex ⭐
Katsuro
nginx-related manual security fault
Replies
1
Views
353
Chris D
Chris D
Dannymh
XF 2.2 fopen with \XF\Util\File::getTempFile failing
Replies
1
Views
255
Dannymh
Dannymh
Ferry
  • Solved
XF 2.2 Not importing attachments when migrating from XF to XF
Replies
6
Views
491
Ferry
Ferry
Dashmiel
  • Question Question
MG 2.2 Requested content cannot be loaded
Replies
4
Views
396
Jeremy P
Jeremy P
Top Bottom