CyberHosting

RainLoop data folder is accessible

websamwebsam
in Web Server
When I open the rainloop admin panel I find the following warning:

RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. Read more here: https://www.rainloop.net/docs/installation

Could someone help me solve it as I am not getting it, so I know there has to be with .htaccess rules

something like this:


Deny From All



Require all denied


but it is not working for me when I create .htaccess inside the folder /usr/local/lscp/cyberpanel/rainloop/data
Share on Facebook

Comments

  • CyberPanelCyberPanel
    We will take care of this.
    Share on Facebook
  • jvnadrjvnadr
    This is critical. You have left exposed all the files inside rainloop installation. For example, I can download from https://xxxx:8090/rainloop/data/_data_/_default_/configs/ the file application.ini that has all the details (database password etc.) from rainloop installation. It is a MAJOR security hole! I cannot understand how you have left it for over 15 days (!!!) without any response...
    Share on Facebook
  • niallniall
    Has this been fixed yet? I'm on Cyberpanel 1.8.2 and the Rainloop Admin panel is showing the same warning.
    Share on Facebook
  • CyberPanelCyberPanel
    This has been fixed, data folder is now out of the document root of rainloop. I think rainloops check it via rewrite file which we don't use to protect the folder.
    Share on Facebook
  • websamwebsam
    Hello! the warning still continues for me in a new installation that I did

    Notice:
    Warning!

    RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. Read more here: https://www.rainloop.net/docs/installation

    --

    in the install page of rainloop has the following solution for nginx:

    If you are using nginx, add the following to your domain configuration file:

    location ^ ~ / data {
       deny all;
    }

    however, nothing for cyberpanel with litespeed ={
    Share on Facebook
  • CyberPanelCyberPanel
    You will not be able to access data folder it is out of the document root.
    Share on Facebook
  • herbertserranoherbertserrano

    essayservice said:
    Hello! the warning still continues for me in a new installation that I did

    Notice:
    Warning!

    RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. Read more here: https://www.rainloop.net/docs/installation

    --

    in the install page of rainloop has the following solution for nginx:

    If you are using nginx, add the following to your domain configuration file:

    location ^ ~ / data {
       deny all;
    }

    however, nothing for cyberpanel with litespeed ={
    You should know you can't go to a directory outside of the www root.
    Share on Facebook
Sign In or Register to comment.
CyberHosting CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Categories

In this Discussion