You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Isn’t this something that should be disabled in the webserver config instead? Any production server should have dirlisting disabled by default, though most shared hosters will probably not do this…
If you really want to fix this problem, you should also make sure that files and dirs like README, tmp, tests, misc, etc. are removed as well. Even better, any php files that are not meant to be called directly (ie, anything but piwik.php and index.php I guess) should be outside of the document root as well.
Piwik might could make this setup easier by supplying a “htdocs” dir, which contains all files that should be in the document root. This will slightly complicate the default “put everything in the docroot” install approach (in particular, “htdocs” will show up in the url), but most of this should be solved by symlinking just index.php and perhaps piwik.php outside of the document root. The more advanced user can then just symlink only the htdocs directory into the documentroot (which contains index.php, piwik.php/js, robots.txt and the themes’ css and js).
Anyway, perhaps this should be a seperate ticket, if anyone cares…
Hello,
Piwik doesn’t prevent listing of some key directories such as`
core/` or`
config/`. This could help identifying piwik’s running version.
Putting empty`
index.html` files in those directories solves the problem.
Thanks,
Olivier;
The text was updated successfully, but these errors were encountered: