المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : الرين لوب Rainloop حل مشكلة Warning! RainLoop data folder is accessible



Rise Company
09-04-2020, 16:23
الرين لوب Rainloop حل مشكلة Warning! RainLoop data folder is accessible
RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access
Security: htaccess inside data folder- How to hide the data directory from external access
RainLoop data folder is accessible - how to remove the message?
rainloop data folder is accessible apache

https://www.rise.company/upload/uploads/158644220709151.png


Warning!
RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. Read more here: https://www.rainloop.net/docs/installation


Notice

All configuration files of the application, as well as temporary ones (attachments, logs, etc.) are stored in data directory, so it's important to make sure that users cannot access that directory over the Internet directly.

Application uses .htaccess for basic protection but it might not work if you're using a web server other than Apache (http://httpd.apache.org/), and even Apache (http://httpd.apache.org/) can be configured to disregard .htaccess files.
If you're using nginx (http://nginx.org/), add the following to your domain configuration file:

حل المشكلة :

this way you can get this warning. It will ask you to ensure
that you do not have permission to access the data directory.


https://www.rise.company/forum/images/imported/2020/04/57.png


حل المشكلة :

الحل فى ملف .htaccess والذى هتجده فى مكانين

1- فى المسار public_html تاكد ان بداخله لايوجد كود غريب
2- فى مسار rainloop تاكد ان بداخله لايوجد كود غريب


3- داخل مسار rainloop تاكد فىdata بداخله كود deny

حل المشكلة هو فى الغالب هتجد كود redirect للصفحات الخطا مثل 400, 401, 402, 403, 404
قم بازالة هذا الكود فى public_html او rainloop اذا وجدته او مثيل له.

وفى الغالب لا يوجد مشكلة , هذه رسالة false positive والمسار محمي طالما ان هناك تحويل
وقد لا يوجد حاجة لوضع كود فى No need of a special .htaccess file
لان بالفعل موجود اثناء التثبيت.

https://www.rise.company/upload/uploads/158655574150241.png

افتح ftp ثم اذهب الى مسار rainloop المثبت, اذا كان rainloop لديك على المسار التالي
www.yoursitename.com/mail/
هتجد داخل المسار مجلد باسم data بداخله هتجد htaccess افتحه وتاكد من موجد “deny from all”

If you want, you can create a htaccess file
/public_html/mail/data/


By default install you will get an alert in the admin panel that alert you the data folder si not secure (readable), the documentation doesn't help to fix this for Apache.
https://www.rainloop.net/docs/installation/
Solution for Apache 2.4 is replace or just add the content inside .htaccess
deny from all
or

Require all denied

also the guide should be updated with information about how to solve the issue on Apache.


[/CODE]للتاكد ان مجلد data محمي, جرب فتحه من خلال الرابط التالي :
www.yoursitename.com/mail/data/ (http://www.yoursitename.com/mail/data/)

حيث ان الملف الهام الذى به بيانات config و قاعد البيانات على المسار التالي
https://www.yoursitename/mail/data/_data_/_default_/configs/application.ini

المرجع :
https://www.rainloop.net/docs/installation/#notice
https://github.com/pierre-alain-b/rainloop-nextcloud/issues/62
https://help.nextcloud.com/t/warning-rainloop-data-folder-is-accessible/33033/8
https://blog.veriloji.com/freebsd-uzerine-rainloop-webmail-kurulumu/
https://github.com/RainLoop/rainloop-webmail/issues/1700
https://help.nextcloud.com/t/warning-rainloop-data-folder-is-accessible/33033