astroroxy Posted November 1, 2015 Report Posted November 1, 2015 When trying to login as client it redirects to /client and lists the contents of the site, normally I would submit to bugs, but it's rather urgent. Any ideas. Kinda big security flaw as sometimes just visiting it will trigger the directory list. Quote
0 Michael Posted November 1, 2015 Report Posted November 1, 2015 Sounds like you have a bad htaccess or have a folder called client or login in the blesta installation. Quote
0 astroroxy Posted November 1, 2015 Author Report Posted November 1, 2015 I do have the site in /var/www/client and there is a subfolder called client /var/www/client/client. I may have copied it wrong. Is there supposed to be a folder like that. It contains /apps /components/ /vendor and a few other. This may be the issue thanks =) Quote
0 Michael Posted November 1, 2015 Report Posted November 1, 2015 I do have the site in /var/www/client and there is a subfolder called client /var/www/client/client. I may have copied it wrong. Is there supposed to be a folder like that. It contains /apps /components/ /vendor and a few other. This may be the issue thanks =) Yeah it sounds like it mate if you remove the client folder in client it should fix the htaccess mate Quote
0 Paul Posted November 2, 2015 Report Posted November 2, 2015 It's also a good idea to disable Indexes in your httpd.conf Apache config file. This would disable directory listings globally, which is a good idea for production deployments. http://linuxconfig.org/turn-off-directory-browsing-on-apache Michael 1 Quote
Question
astroroxy
When trying to login as client it redirects to /client and lists the contents of the site, normally I would submit to bugs, but it's rather urgent.
Any ideas. Kinda big security flaw as sometimes just visiting it will trigger the directory list.
4 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.