After upgrading to Matomo 4.3 I started receiving the following critical issues under the system checks. How do I change the access restrictions on these files. Is this done at a system level or web server level. I am currently running Apache2 as my web server. These errors did not occur before the 4.3 upgrade.
Required Private Directories:
/config/config.ini.php
/tmp/
/tmp/empty
/tmp/cache/tracker/matomocache_general.php
/lang/en.json
We found that the above URLs are accessible via the browser, but they should NOT be. Allowing them to be accessed can pose a potential security risk since the contents can provide information about your server and potentially your users. Please restrict access to them.
We also found that Matomo’s config directory is publicly accessible. While attackers can’t read the config now, if your webserver stops executing PHP files for some reason, your MySQL credentials and other information will be available to anyone. Please check your webserver config and deny access to this directory.
1 post - 1 participant