@tassoman opened this Issue on September 30th 2022 Contributor

The security check feature called Required (and Recomended) private directories" is now generating about 15 open issues on github if we exlude closed issues.

For example, I've put this effective directive inside apache, but looks like not enough for the feature.

<LocationMatch "^/matomo/(config|core|tmp|lang|.git)">
    Require all denied
</LocationMatch>

In my opinion private directories shouldn't served by apache. So, for a next software's refactoring (v.5.x), I suggest to distribute public files and assets directories inside their own /public directory.

Suggesting to bypass the security checks, is a needed fast shortcut, but unreliable long term solution.

Target Environment

  • Matomo Version: 5.x
@Findus23 commented on September 30th 2022 Member

I think that's the same discussion as https://github.com/matomo-org/matomo/issues/19505
And I still agree that this is (at least as an optional installation method) a huge benefit for Matomo.

@tassoman commented on October 5th 2022 Contributor

We're on the same frequency, I close as duplicated

This Issue was closed on October 5th 2022
Powered by GitHub Issue Mirror