[Resolved] Your web server is set up incorrectly and allows unauthorized access to sensitive files
Vinh Jacker | 04-20-2016
![[Resolved] Your web server is set up incorrectly and allows unauthorized access to sensitive files - Mageplaza](https://cdn.mageplaza.com/media/general/oIXG4Aq.jpg)
Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider Magento 2
After Install Magento 2 package, you may face the folder permissions error Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider. It means that any visitor can get access to your files.
Everytime Magento create a new folder, it will set permission to 770 and may get error in this case. If you change it to 755, it is working normally. So how to resolve this error in Magento 2? In this guide, we will show you how to resolve “Your web server is set up incorrectly and allows unauthorized access to sensitive files” correctly.
In the Magento Community forum, there are many people who have the same problem.
When look into Magento 2 Code Core, you can see class Magento\AdminNotification\Model\System\Message\Security function getText() It return the following message:
Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider
You also see method _isFileAccessible for futher information.
In this investigation, we can say all files, folders in app/etc/* is accessible from unauthority visitors such as app/etc/env.php file which contain database information, encryption key, admin URL and more …
How to resolve the problem?
First you need to set the permissions on your magento web server directory so that you ‘webuser’ are the owner of the files and ‘nginx’ as the group. To do this, as a user with root privileges issue the command:
chown -R webuser:nginx /path
where /path = the root path for your magento installation. And next
find -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento
Now when you run the cron, make sure you are doing this as the owner of the file system, in this example called ‘webuser’. Do NOT run it as root as the files created will have root as the owner.
Recommendations
If you are still facing this problem, you should consider finding a better hosting here. All list of Magento 2 hosting providers for you to get started.
Final words
The problem Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider. will be solved in a minute with the above tutorial. To protect your site better, you can go to Mageplaza Magento 2 Security. If you need more support in security issues, please chat with us.
Jacker is the Chief Technology Officer (CTO) at Mageplaza, bringing over 10 years of experience in Magento, Shopify, and other eCommerce platforms. With deep technical expertise, he has led numerous successful projects, optimizing and scaling online stores for global brands. Beyond his work in eCommerce development, he is passionate about running and swimming.
Related Post
Change Welcome Message - Mageplaza
Customize the welcome message on your store's homepage to provide a personalized touch for your customers. Improve the user experience with our step-by-step guide.
Configure Magento 2 Contact Form & Email: Detailed Guides - Mageplaza
Configure the email address for your Magento 2 store's contact form and ensure that your customers can easily get in touch with you with this informative guide
How to Install Magento 2 with Sample Data - Mageplaza
How to install Magento 2 with Sample Data. In this topic we will discuss about How to Install Magento 2 Step by Step in Manage Store topic
6 Steps To Stop Brute Force Attacks - Mageplaza
How To Stop Brute Force Attacks in Magento 1, 2. In this topic we will discuss about How To Stop Brute Force Attacks in Manage Store topic
How to set Locale, Language, and Country in Magento 2 - Mageplaza
Setup Locale State Country in Magento 2 provides setup your store information on Locale Options that determines the timezone, language, country and the days.
Change Welcome Message - Mageplaza
Customize the welcome message on your store's homepage to provide a personalized touch for your customers. Improve the user experience with our step-by-step guide.
Configure Magento 2 Contact Form & Email: Detailed Guides - Mageplaza
Configure the email address for your Magento 2 store's contact form and ensure that your customers can easily get in touch with you with this informative guide
How to Install Magento 2 with Sample Data - Mageplaza
How to install Magento 2 with Sample Data. In this topic we will discuss about How to Install Magento 2 Step by Step in Manage Store topic
6 Steps To Stop Brute Force Attacks - Mageplaza
How To Stop Brute Force Attacks in Magento 1, 2. In this topic we will discuss about How To Stop Brute Force Attacks in Manage Store topic
How to set Locale, Language, and Country in Magento 2 - Mageplaza
Setup Locale State Country in Magento 2 provides setup your store information on Locale Options that determines the timezone, language, country and the days.