Mobile app version of vmapp.org
Login or Join
Eichhorn148

: Error.log file in public_html which is publically viewable? There is a file in my public_html folder called error.log which is viewable by anyone if they just enter the URL in their browser,

@Eichhorn148

Posted in: #Apache #Error

There is a file in my public_html folder called error.log which is viewable by anyone if they just enter the URL in their browser, like: example.com/error.log

I'm running Apache. My question is, how can I hide or perhaps move this error.log so that it isn't visible to regular users?

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
RewriteEngine On

# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation. #RewriteBase /xenforo

# This line may be needed to enable WebDAV editing with PHP as a CGI. #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^error.log$ - [F]
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon.ico|crossdomain.xml|robots.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Eichhorn148

2 Comments

Sorted by latest first Latest Oldest Best

 

@Si4351233

I prefer to have my error log outside a publicly accessible directory. You can change the location of the error log either in your virtual host configuration or via a htaccess file:

php_value error_log /home/path/error.log


Alternatively if you don't want to change its location you can prevent access like this

<Files error.log>
Order allow,deny
Deny from all
Satisfy All
</Files>


I prefer this over using mod_rewrite as that's not a terribly efficient way and this method won't break if you change the order of your rules.

10% popularity Vote Up Vote Down


 

@Ogunnowo487

Yes, this file should not be publically accessible over HTTP. Presumably this is generated by your webhost and not by your own scripts? In which case your host should really have implemented the necessary restriction to block access, however, you can do this yourself in .htaccess:

RewriteRule ^error.log$ - [F]


This should be placed above any existing mod_rewrite directives, following the RewriteEngine On directive.

This will serve a 403 Forbidden if you attempt to access this file over HTTP. You will need to download it over FTP.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme