Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Home
Help
Search
Login
Register
Roundcube Community Forum
»
News and Announcements
»
General Discussion
»
sendmail log accessible without logging in, have I made a mistake?
« previous
next »
Print
Pages: [
1
]
Author
Topic: sendmail log accessible without logging in, have I made a mistake? (Read 3314 times)
_Toby_
Newbie
Posts: 4
sendmail log accessible without logging in, have I made a mistake?
«
on:
January 12, 2016, 05:26:35 PM »
Hi!
I got a problem with my setup.
http://myserver.xxx/roundcube/logs/sendmail
is readable from anywhere.
The folder is not browsable but the log is accesible if I type it in like above.
Is there any way to prevent this? I'm concerned that all contacts I have sent mail to can get there email addresses on various spam lists.
I'm using roundcube 1.1.4 on a ubuntu trusty server with apache.
Thanks in advance.
Regards,
Toby
Logged
SKaero
Administrator
Hero Member
Posts: 5,900
Re: sendmail log accessible without logging in, have I made a mistake?
«
Reply #1 on:
January 12, 2016, 07:17:24 PM »
The best thing to do is to change the document root to the public_html folder, that way none of the system files are accessible.
Logged
SK
aero
JohnDoh
Global Moderator
Hero Member
Posts: 2,868
Re: sendmail log accessible without logging in, have I made a mistake?
«
Reply #2 on:
January 13, 2016, 03:04:01 AM »
Just for completeness... Roundcube ships with a .htaccess file which blocks direct access through the webserver to the config, temp and logs folders. See
https://github.com/roundcube/roundcubemail/blob/master/INSTALL#L158
for more info. There are other things too like PHP limits set in the .htaccess file so you might also want to check why that file is not being used by Apache.
Logged
Roundcube Plugins
: Contextmenu, SpamAssassin Prefs, and moreā¦
_Toby_
Newbie
Posts: 4
Re: sendmail log accessible without logging in, have I made a mistake?
«
Reply #3 on:
January 13, 2016, 10:56:35 AM »
Thanks to both of you.
I had to enable the module rewrite in Apache as well as setting the AllowOverride All in the global config.
Now it works and it's not possible to access the file.
Logged
Print
Pages: [
1
]
« previous
next »
Roundcube Community Forum
»
News and Announcements
»
General Discussion
»
sendmail log accessible without logging in, have I made a mistake?