@HCl-not-HCi opened this Issue on March 18th 2022 Contributor

I think there is a regression regarding #17589. When I run the system check, Matomo requests the global.ini.php even though enable_required_directories_diagnostic is disabled. If I remember correctly, it worked when the option was first released in 4.6.0.

Expected Behavior

If I disable enable_required_directories_diagnostic, Matomo should not use HTTP requests to check whether /config/global.ini.php is (not) accessible.

Current Behavior

I see two HTTP requests in the log leading to errors because /config/global.ini.php is not accessible (which is the goal), but this leads to the webhosting provider blocking my IP address after a few tries.

2022-03-18 11:17:51 Error  403  GET /config/global.ini.php HTTP/1.0
2022-03-18 11:17:51 Error  403  GET /config/global.ini.php HTTP/1.0
2022-03-18 11:17:51 Error       AH01630: client denied by server configuration: /var/www/vhosts/example.com/subdomain.example.com/config/global.ini.php
2022-03-18 11:17:51 Error       AH01630: client denied by server configuration: /var/www/vhosts/example.com/subdomain.example.com/config/global.ini.php

Possible Solution

Prevent these requests if enable_required_directories_diagnostic is disabled just like it was before.

Steps to Reproduce (for Bugs)

  1. Disable enable_required_directories_diagnostic in config.ini.php
  2. Run the system check
  3. Look into the access log (of Apache) and find accesses to /config/global.ini.php

Context

Some webhosting providers IP-ban hosts if they request files/directories that are forbidden using .htaccess (e.g. Matomo's config files).

Your Environment

  • Matomo Version: 4.8.0
  • PHP Version: 7.4.28
  • Additionally installed plugins: -

@bx80 commented on March 31st 2022 Contributor

Hi @HCl-not-HCi, thanks for reporting this. It looks like the additional access rule checks for PHP-FPM added by #18398 are causing access requests to global.ini.php and not respecting the enable_required_directories_diagnostic config setting. I've created a PR to fix this.

@HCl-not-HCi commented on March 31st 2022 Contributor

Thank you @bx80 :)

This Issue was closed on April 28th 2022