MyBB Community Forums

MyBB Community Forums > 1.8 Support > General Support > Problem With mybb Create Log File in Root and Any user can Access
Full Version: Problem With mybb Create Log File in Root and Any user can Access
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

HighRank2267

2020-07-30, 01:23 AM
hi I have see mybb create an Errorlog file in root /var/www/mybb/error.log

any user can acesss to mylink and download the error log like

example.com/error.log

How i can secure That to Block any user to have possibility to Download the file ?

If i Disabled Because i think i can in the admon panel disabled that option After is okais ?

if I dont disabled and i change the root path of the error log if is possible After is secure or not ? and How i can change the root path of the error log file will be
my bad I have see in Admin control panel Hide error And warning and i have change the folder path ? If i understand Is will not Create Any File Now ? Does i have another option to see the error log in admin control panel example ?

.m.

2020-07-30, 03:13 AM
we use below rule in .htaccess file to deny access to error.log files through browser 
<Files "error.log">
Order Deny,Allow
Deny from all
</Files>

Edit: rule for nginx server :
location ~ /error.log 
{ 
    deny all; 
}

nixer55

2020-07-30, 12:31 PM
(2020-07-30, 03:13 AM).m. Wrote: [ -> ]we use below rule in .htaccess file to deny access to error.log files through browser 
<Files "error.log">
Order Deny,Allow
Deny from all
</Files>

I think for Apache 2.4,  the syntax is - or should be - a little different?  Guess it depends on config, but had to change to the 2.4 syntax to secure our error.log:

link

Got caught napping on a few of those directives - lol.
MyBB Community Forums > 1.8 Support > General Support > Problem With mybb Create Log File in Root and Any user can Access