Warnings about sensitive files being exposed during Matomo setup still there after using this repository #69
Comments
Bumping this! Although I assume, since it's a warning and not an error, that the installer just checks what kind of PHP and web server you use and always displays the message when you either use php-fpm, nginx or both. Don't know if a fix is really worth the time, as it would have to check configuration or file access itself somehow.
Thanks for our input. However, on the topic of actually checking the web config, I think it would be very useful to actually do that since I am sure nearly no-one is running their Matomo instance behind a Zero Trust solution, so security vulnerabilities pertaining to readable confidential folders are very real.
Then more people have to recognize this. As long as it's just us two, the Matomo contributors probably won't see a reason to work on it. And I don't know if I want to get into PHP for that. From what I see in the config, this should be safe anyway. It's just an annoyance that the system check shows misleading info there.
The problem with this, IT security as a whole and Zero Trust is that it is not easily understood, so it will be hard to gain a reasonable audience to raise awareness.
Sadly true. Update on the issue for me though: It's gone. Idk why exactly. Steps I did were: enabling a crontab for the archive, setting MySQL to max packet size 64MB, enabling force_ssl in the global.ini.php and updating the manifest.inc.php with the changed md5sum of that global.ini. Now all checks are green.
While running through the current 4.11.0 setup and using the files in the repository, I still get
in PHP SAPI and Server info.
Isn't the solution to these errors to utilize the files in this repository?