Core folder is accessible by web
MODX detected that your core folder is (partially) accessible to the public. This is not recommended and a security risk. If your MODX installation is running on a Apache webserver you should at least set up the .htaccess file inside the core folder /home/admin/web/devaround.ru/public_html/core/. This can be easily done by renaming the existing ht.access example file there to .htaccess.
There are other methods and webservers you may use, please read the Hardening MODX Guide for further information about securing your site.
If you setup everything correctly, browsing e.g. to the Changelog should give you a 403 (permission denied) or better a 404 (not found). If you can see the changelog there in the browser, something is still wrong and you need to reconfigure or call an expert to solve this.
IndexIgnore */*
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
IndexIgnore */*
<Files *>
Order Deny,Allow
Deny from all
</Files>
Change the following to the .htaccess in the core folder
From:
IndexIgnore */* <files *.php=""> Order Deny,Allow Deny from all </files>
To:
IndexIgnore */* <files *=""> Order Deny,Allow Deny from all </files>
IndexIgnore */*
<files *>
Order Deny,Allow
Deny from all
</files>
Where have the ="" come from, should be:
IndexIgnore */* <files *> Order Deny,Allow Deny from all </files>
Change the following to the .htaccess in the core folder
From:
IndexIgnore */* <files *.php=""> Order Deny,Allow Deny from all </files>
To:
IndexIgnore */* <files *=""> Order Deny,Allow Deny from all </files>
Quote from: paulp at Aug 27, 2015, 12:50 PMChange the following to the .htaccess in the core folder
From:
IndexIgnore */* <files *.php=""> Order Deny,Allow Deny from all </files>
To:
IndexIgnore */* <files *=""> Order Deny,Allow Deny from all </files>
This works. Confirmed in 2.4
Quote from: nicboyde at Sep 01, 2015, 11:38 PMQuote from: paulp at Aug 27, 2015, 12:50 PMChange the following to the .htaccess in the core folder
From:
IndexIgnore */* <files *.php=""> Order Deny,Allow Deny from all </files>
To:
IndexIgnore */* <files *=""> Order Deny,Allow Deny from all </files>
This works. Confirmed in 2.4
This is not working for me on multiple sites upgrading to 2.4. My server is setup by default for no indexing, and it doesn't matter whether the file is named `.htaccess` or `ht.access` or whether the code is either of the above, when I click the link to the `http://www.mydomain.com/docs/changelog.txt` is still gets the 404 (Page Not Found), Error, yet MODX is still giving the "MODX detected that your core folder is (partially) accessible to the public."
Any other suggestions?
IndexIgnore */*
<files *.php>
Order Deny,Allow
Deny from all
</files>
IndexIgnore */*
<files *>
Order Deny,Allow
Deny from all
</files>
Quote from: nicboyde at Sep 01, 2015, 11:38 PMQuote from: paulp at Aug 27, 2015, 12:50 PMChange the following to the .htaccess in the core folder
From:
IndexIgnore */* <files *.php=""> Order Deny,Allow Deny from all </files>
To:
IndexIgnore */* <files *=""> Order Deny,Allow Deny from all </files>
This works. Confirmed in 2.4
This is not working for me on multiple sites upgrading to 2.4. My server is setup by default for no indexing, and it doesn't matter whether the file is named `.htaccess` or `ht.access` or whether the code is either of the above, when I click the link to the `http://www.mydomain.com/docs/changelog.txt` is still gets the 404 (Page Not Found), Error, yet MODX is still giving the "MODX detected that your core folder is (partially) accessible to the public."
Any other suggestions?