New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return 403 for /console via htaccess #13492
Comments
Not sure but AFAIK we don't put an htaccess file into the root folder eg because users might have their own htaccess defined there. I might be wrong though. |
Couldn't we just use |
exactly. The source is public anyway though so it is not much of a problem. |
Exactly, this isn't that less about security (as everyone can already knows the content), but more about not showing URLs that can be confusing to the user or appear broken. |
Well I dont see a good method to provide a .htaccess now without breaking existing installations. |
Personally I would close this issue. If someone is concerned about it, they can block it in their htaccess or webserver. We're not showing the URLs to users so they shouldn't get confused IMO |
By default, opening /console shows the PHP source, which is a bit ugly.
http://demo.matomo.org/console
The default .htaccess file should return 403 for this path.
The text was updated successfully, but these errors were encountered: