: Error.log file in public_html which is publically viewable? There is a file in my public_html folder called error.log which is viewable by anyone if they just enter the URL in their browser,
There is a file in my public_html folder called error.log which is viewable by anyone if they just enter the URL in their browser, like: example.com/error.log
I'm running Apache. My question is, how can I hide or perhaps move this error.log so that it isn't visible to regular users?
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
<IfModule mod_rewrite.c>
RewriteEngine On
# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation. #RewriteBase /xenforo
# This line may be needed to enable WebDAV editing with PHP as a CGI. #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^error.log$ - [F]
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon.ico|crossdomain.xml|robots.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
More posts by @Eichhorn148
2 Comments
Sorted by latest first Latest Oldest Best
I prefer to have my error log outside a publicly accessible directory. You can change the location of the error log either in your virtual host configuration or via a htaccess file:
php_value error_log /home/path/error.log
Alternatively if you don't want to change its location you can prevent access like this
<Files error.log>
Order allow,deny
Deny from all
Satisfy All
</Files>
I prefer this over using mod_rewrite as that's not a terribly efficient way and this method won't break if you change the order of your rules.
Yes, this file should not be publically accessible over HTTP. Presumably this is generated by your webhost and not by your own scripts? In which case your host should really have implemented the necessary restriction to block access, however, you can do this yourself in .htaccess:
RewriteRule ^error.log$ - [F]
This should be placed above any existing mod_rewrite directives, following the RewriteEngine On directive.
This will serve a 403 Forbidden if you attempt to access this file over HTTP. You will need to download it over FTP.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.