Jump to content

error_log permissions

bigblackboxx

By bigblackboxx
in Questions

 Share

Recommended Posts

Byron Explorer

Byron

Posted
Posted
Heya,

 

I have a quick question reguarding the error_log files. Everytime I access a directory within my public_html dir that has an error_log file within, I get an error in my cpanel error log as follows:

[sat May 29 12:50:26 2010] [error] [client 76.123.xxx.xxx] client denied by server configuration: /home/boxx/public_html/test/error_log, referer: http://bigblackboxx.com/

 

The server is set up default not to display error-log files via directory indexing. That error in your log files is normal.

 

The test dir has the +Indexes option turned on and also does not diplay error_log file via indexing, but I'm able to see and access this file via FTP.

 

You should be able to see ANY file via FTP as long as your logged in.

 

I've attempted to adjust the permissions of the specific dir test/ to 777, but this doesnt seem to effect access to the error_log.

Do I need to adjust the permissions of the error_log file itself? Or am I missing some other key point here altogether?

 

Don't worry about it. You really don't want error log files displayed to the public anyway. You also need to go back and chmod your directory back to 755. You never need to go higher than 755 on any of your directories.

 

Byron Explorer

Byron

Posted
Posted
So curious.. would that be an IndexIgnore directive you've added to the httpd.conf at the server level?

 

Yes and its done with Apache mod_autoindex and that would also include dot files like your .htaccess.

 

I'll be sure to adjust the folder permissions back accordingly, and as always... I appreciate you taking the time to help me better understand this.

 

No problem! :)

 

Byron Explorer

Byron

Posted
Posted

You maybe right about it using order deny, allow, but I really couldn't say for sure. I'll see if I can talk djbob into coming over here when he gets time to answer your question since he's the one who configured the server. In the meantime you might want to check out some more htaccess directives you can use for your htaccess file.

 

http://httpd.apache.org/docs/2.2/

 

Ashoat Explorer

Ashoat

Posted
Posted

bigblackboxx, you've clearly been doing your research! Yeah, we're actually not using IndexIgnore. Instead, we're using something more along the lines of the "File" tag you listed above.

 

Though I didn't personally set up this configuration (it was auto-generated by cPanel), I have a guess as to why they constructed it the way they did. IndexIgnore will prevent the error_log from being listed in a directory page, but it will still allow that file to be downloaded or looked at. Since "error_log" is the default filename for any file containing Apache errors, without the "File" tag directives in httpd.conf a hacker would be able to often glean crucial information just from guessing the existence of an error_log file.

 

However, with our current configuration it is impossible to read these files.

Byron Explorer

Byron

Posted
Posted
IndexIgnore will prevent the error_log from being listed in a directory page, but it will still allow that file to be downloaded or looked at. Since "error_log" is the default filename for any file containing Apache errors, without the "File" tag directives in httpd.conf a hacker would be able to often glean crucial information just from guessing the existence of an error_log file.

 

I believe you hit the nail on the head djbob. Yeah it makes way more sense to use the "File" tag directive than to use IndexIgnore with sensitive files. Thanks djbob for clearing this up for both of us. :)

 

 

 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...