We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 51020
    • 670 Posts
    I have mentioned this issue before, but it just won't go away!

    I have several sites, all of which are configured more or less the same way, on the same server.
    ONE of them has the dreaded message on the dashboard:
    Core folder is accessible by web

    I know I could move the Core folder outside of the site directory, but I just want to understand why it's happening first. All my other sites check out fine. I have used the SAME .htaccess file in the root and core folder on all of the sites.
    The .htaccess in the core folder says this:

    IndexIgnore */*
    <Files *>
    Order Deny,Allow
    Deny from all
    </Files>
    
    


    Permissions on the Core folder are 775

    One strange thing though - If I try to visit: site.com/core/docs/changelog.txt in a browser - it diverts me to the home page - but all my other sites send me to my 404 page.

    The unauthorised page setting is set to a published page in my resource tree.

    I'm sure this must be linked - any ideas on what I'm missing?


    Thanks!
    Andy