System check - don't request private directories when disabled #18967

Closed
HCl-not-HCi opened this issue Mar 18, 2022 · 2 comments · Fixed by #19031 or #19137
@HCl-not-HCi
Contributor

I think there is a regression regarding #17589. When I run the system check, Matomo requests global.ini.php even though enable_required_directories_diagnostic is disabled. If I remember correctly, it worked when the option was first released in 4.6.0.

Expected Behavior

If I disable enable_required_directories_diagnostic, Matomo should not use HTTP requests to check whether /config/global.ini.php is (not) accessible.

Current Behavior

I see two HTTP requests in the log leading to errors because /config/global.ini.php is not accessible (which is the goal), but this leads to the webhosting provider blocking my IP address after a few tries.

2022-03-18 11:17:51	Error  403  GET /config/global.ini.php HTTP/1.0
2022-03-18 11:17:51	Error  403  GET /config/global.ini.php HTTP/1.0
2022-03-18 11:17:51	Error  	    AH01630: client denied by server configuration: /var/www/vhosts/example.com/subdomain.example.com/config/global.ini.php
2022-03-18 11:17:51	Error  	    AH01630: client denied by server configuration: /var/www/vhosts/example.com/subdomain.example.com/config/global.ini.php

Possible Solution

Prevent these requests if enable_required_directories_diagnostic is disabled just like it was before.

Steps to Reproduce (for Bugs)

  1. Disable enable_required_directories_diagnostic in config.ini.php
  2. Run the system check
  3. Look into the access log (of Apache) and find accesses to /config/global.ini.php

Context

Some webhosting providers IP-ban hosts if they request files/directories that are forbidden using .htaccess (e.g. Matomo's config files).

Your Environment

  • Matomo Version: 4.8.0
  • PHP Version: 7.4.28
  • Additionally installed plugins: -
@HCl-not-HCi HCl-not-HCi added the Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. label Mar 18, 2022
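
Step 3 of the reproduction above, automated as an added example (not part of the original issue and not Matomo code): it scans a log in the layout quoted in the report for requests to private paths, so a system-check run with enable_required_directories_diagnostic disabled can be confirmed clean. The function names, the `/config/` prefix default and the first sample line are assumptions.

```python
import re
from collections import Counter

TS = r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\w+\s+"
# "<timestamp> <level> <status> <METHOD> <path> HTTP/x.y"
REQUEST_RE = re.compile(
    TS + r"(?P<status>\d{3})\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/")
# "<timestamp> <level> AH01630: client denied by server configuration: <file>"
DENIED_RE = re.compile(
    TS + r"AH01630: client denied by server configuration: (?P<file>\S+)")

# First line is constructed; the other four are the lines quoted in the issue.
SAMPLE_LOG = (
    "2022-03-18 11:17:50\tAccess  200  GET /index.php HTTP/1.1\n"
    "2022-03-18 11:17:51\tError  403  GET /config/global.ini.php HTTP/1.0\n"
    "2022-03-18 11:17:51\tError  403  GET /config/global.ini.php HTTP/1.0\n"
    "2022-03-18 11:17:51\tError  \t    AH01630: client denied by server configuration: "
    "/var/www/vhosts/example.com/subdomain.example.com/config/global.ini.php\n"
    "2022-03-18 11:17:51\tError  \t    AH01630: client denied by server configuration: "
    "/var/www/vhosts/example.com/subdomain.example.com/config/global.ini.php\n"
)


def private_requests(log_text, prefixes=("/config/",)):
    """Return (timestamp, status, method, path) for requests under a private prefix."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        # Ignore any query string when comparing against the prefixes.
        if m and m["path"].split("?", 1)[0].startswith(tuple(prefixes)):
            hits.append((m["ts"], int(m["status"]), m["method"], m["path"]))
    return hits


def denied_files(log_text):
    """Count Apache AH01630 denials per filesystem path."""
    matches = (DENIED_RE.match(line) for line in log_text.splitlines())
    return Counter(m["file"] for m in matches if m)


def check_run_is_clean(log_text, prefixes=("/config/",)):
    """True when the log for a system-check run shows no request to a private path."""
    return not private_requests(log_text, prefixes)


if __name__ == "__main__":
    for hit in private_requests(SAMPLE_LOG):
        print(*hit)
    print(dict(denied_files(SAMPLE_LOG)))
    print("clean" if check_run_is_clean(SAMPLE_LOG) else "private paths were requested")
```
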
@bx80
Contributor

bx80 commented Mar 31, 2022

Hi @HCl-not-HCi, thanks for reporting this. It looks like the additional access rule checks for PHP-FPM added by #18398 are causing access requests to global.ini.php and not respecting the enable_required_directories_diagnostic config setting. I've created a PR to fix this.

@bx80 bx80 added Regression Indicates a feature used to work in a certain way but it no longer does even though it should. and removed Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. labels Mar 31, 2022
@bx80 bx80 self-assigned this Mar 31, 2022
@HCl-not-HCi
Contributor Author

Thank you @bx80 :)

@justinvelluppillai justinvelluppillai changed the title System check tries to request private directories again although disabled System check - don't request private directories when disabled May 9, 2022