astroroxy Posted November 1, 2015 Report Share Posted November 1, 2015 When trying to login as client it redirects to /client and lists the contents of the site, normally I would submit to bugs, but it's rather urgent. Any ideas. Kinda big security flaw as sometimes just visiting it will trigger the directory list. Quote Link to comment Share on other sites More sharing options...
0 Michael Posted November 1, 2015 Report Share Posted November 1, 2015 Sounds like you have a bad htaccess or have a folder called client or login in the blesta installation. Quote Link to comment Share on other sites More sharing options...
0 astroroxy Posted November 1, 2015 Author Report Share Posted November 1, 2015 I do have the site in /var/www/client and there is a subfolder called client /var/www/client/client. I may have copied it wrong. Is there supposed to be a folder like that. It contains /apps /components/ /vendor and a few other. This may be the issue thanks =) Quote Link to comment Share on other sites More sharing options...
0 Michael Posted November 1, 2015 Report Share Posted November 1, 2015 I do have the site in /var/www/client and there is a subfolder called client /var/www/client/client. I may have copied it wrong. Is there supposed to be a folder like that. It contains /apps /components/ /vendor and a few other. This may be the issue thanks =) Yeah it sounds like it mate if you remove the client folder in client it should fix the htaccess mate Quote Link to comment Share on other sites More sharing options...
0 Paul Posted November 2, 2015 Report Share Posted November 2, 2015 It's also a good idea to disable Indexes in your httpd.conf Apache config file. This would disable directory listings globally, which is a good idea for production deployments. http://linuxconfig.org/turn-off-directory-browsing-on-apache Michael 1 Quote Link to comment Share on other sites More sharing options...
Question
astroroxy
When trying to login as client it redirects to /client and lists the contents of the site, normally I would submit to bugs, but it's rather urgent.
Any ideas. Kinda big security flaw as sometimes just visiting it will trigger the directory list.
Link to comment
Share on other sites
4 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.