I’m getting this error in my version 23 installation.
The system check has detected that your uploads folder is returning a 200 status code, which indicates that it is publicly accessible. This suggests a serious issue in your server configuration that should be addressed immediately. Please visit our Post-Install and Server Config page for instructions to fix this issue.
I followed all the steps but I’m still stuck… What I don’t understand is that the 200 status code is supposed to be a “success” status code…
Hi Manuel, we added this check into v23 to help identify security issues where your uploads folder might be web-accessible, which can be serious because it means anyone on the internet could access uploaded files. If you open your web browser, go to your Gibbon url + /uploads (for my test system, it’s http://localhost:8888/uploads). You should see a 403 Forbidden or a 404 Not Found, which would indicate that your uploads folder is secure. If you can see a list of files in the folder, this means your system has directory Indexes turned on, which will need to be turned off to secure your files.
If you head to your apache2 config file, there is an option that you can remove that fixes this issue. It’s called folder indexing and is typically found here:
/etc/apache2/apache2.conf
The lines you’re looking for are these:
`
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
`
```
You want it to look like this:
Options FollowSymLinks
AllowOverride None
Require all granted
`
...So you remove the indexing feature.
Yes, I found it!!! restarted apache2 service and WALAH! No warnings from Gibbon… Just needed to remove the word “indexes”. Thanks!! Last week has been really the longest time that I spent using and setting up Linux (normally a Windows user)… And so far, learning a LOT. Thanks!!
Thanks for the instructions Qualitymix, I’ll update our documentation for this process so that it’s more clear and includes these instructions for Apache : )
