@grandpaslab opened this Issue on September 9th 2022

Expected Behavior

No error when /config, /tmp, etc. are not accessible through the browser

Current Behavior

False-positive "required private directories" error in System Check when access to /config, etc. is prohibited, but app is behind SAML auth w/ LoginLdap's web server auth enabled.

Possible Solution

System Check should only show the "required private directories" error if the requested directories/files are returned.

Steps to Reproduce (for Bugs)

  1. Install & enable LoginLdap plugin
  2. Enable LoginLdap's web server auth (Kerberos/REMOTE_USER)
  3. Run system check

Context

I'm running Matomo with the LoginLdap plugin for user management, and using Okta SAML auth via mod_auth_mellon (Apache) to set REMOTE_USER. mod_auth_mellon redirects to an Okta login page. Presumably the system check is assuming any 200 response means the requested file (/config/config.ini.php, etc.) is exposed through the web.

Your Environment

  • Matomo Version: 4.11.0
  • PHP Version: 8.1
  • Server Operating System: CentOS 7.9
  • Additionally installed plugins: LoginLdap
  • Browser:
  • Operating System:
@sgiehl commented on September 12th 2022 Member

@grandpaslab Thanks for reporting this issue. I'm not sure if it would be easy to automatically handle such specific setups correctly.
In your case maybe it makes more sense to simply disable the diagnostic check by setting the config value enable_required_directories_diagnostic

Powered by GitHub Issue Mirror