matomo-for-wordpress

Add the .htaccess files status in the system report

Open mattmary opened this issue 2 years ago • 0 comments

One of our users has been flagged by the Google console because his bots.yml file was accessible from the web. It means that his .htaccess files were not parsed properly.

Two possible explanations:

  • the .htaccess file is not readable by the webserver user
  • the vhost configuration does not allow parsing of .htaccess files

We could add in the system report:

  • a check for each .htaccess file of whether it is readable by the webserver user (https://www.php.net/is_readable)
  • detect in an alternate way whether AllowOverride is enabled for the plugin folder. Examples of detection methods: https://stackoverflow.com/questions/7137104/check-allowoverride-value-using-php
  • mod_authz_core, mod_version, mod_mime, mod_headers status: https://www.php.net/manual/en/function.apache-get-modules.php

mattmary, Jan 09 '23 21:01
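
A sketch of the first and third checks proposed in the issue, added here as an example; it is not code from the issue or from Matomo for WordPress. The function names and the directory list are hypothetical, and AllowOverride detection is not covered.

```php
<?php
// Added example: hypothetical helpers, not part of Matomo for WordPress.

/**
 * For each directory, report whether its .htaccess exists and is readable
 * by the user PHP runs as (normally the web server user).
 */
function htaccess_file_status(array $directories): array
{
    $report = [];
    foreach ($directories as $dir) {
        $path = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR . '.htaccess';
        clearstatcache(true, $path); // avoid a stale cached stat result
        if (!file_exists($path)) {
            // Also reached when a parent directory cannot be traversed.
            $report[$path] = 'missing or inaccessible';
        } elseif (!is_readable($path)) {
            $report[$path] = 'not readable';
        } else {
            $report[$path] = 'readable';
        }
    }
    return $report;
}

/**
 * Report whether each required Apache module is loaded. Returns 'unknown'
 * when PHP cannot see the module list (PHP-FPM/CGI, or a non-Apache server).
 */
function apache_module_status(array $required): array
{
    if (!function_exists('apache_get_modules')) {
        return array_fill_keys($required, 'unknown');
    }
    $loaded = apache_get_modules();
    $status = [];
    foreach ($required as $module) {
        $status[$module] = in_array($module, $loaded, true) ? 'loaded' : 'not loaded';
    }
    return $status;
}

// Assumption: replace __DIR__ with the plugin folders that ship a .htaccess.
print_r(htaccess_file_status([__DIR__]));
print_r(apache_module_status(['mod_authz_core', 'mod_version', 'mod_mime', 'mod_headers']));
```

A "readable" result only shows the file can be read; it does not show that Apache applies it, which is what the separate AllowOverride check would have to establish.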