I received the following error in my Drupal 8 status report:

    PRIVATE FILES DIRECTORY
    Not fully protected
    See https://www.drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the private:// directory to help protect against arbitrary code execution.

The obsolete link provided shows no guidance for Drupal 8 or 9, only 7 and prior. I already have what I believe is a strict .htaccess file I’d found elsewhere in Drupal’s documentation. How can I fix this error in Drupal 8?
Submitting the admin form at /admin/config/media/file-system will also create this .htaccess file if your folders are set up correctly.
Correct answer by Marcel on December 28, 2020
Per glbr, put the following in a .htaccess file in your private files directory.

    # Deny all requests from Apache 2.4+.
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>

    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
      Deny from all
    </IfModule>

    # Turn off all options we don't need.
    Options -Indexes -ExecCGI -Includes -MultiViews

    # Set the catch-all handler to prevent scripts from being executed.
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    <Files *>
      # Override the handler again if we're run later in the evaluation list.
      SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
    </Files>

    # If we know how to do it safely, disable the PHP engine entirely.
    <IfModule mod_php5.c>
      php_flag engine off
    </IfModule>
    <IfModule mod_php7.c>
      php_flag engine off
    </IfModule>

Answered by glenviewjeff on December 28, 2020
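
A quick way to confirm that the .htaccess in a private files directory actually carries the directives from the answer above, as an added example (not part of the original answers and not Drupal's own status check). The function name `check_private_htaccess` and the pattern list are assumptions derived from that file.

```shell
#!/bin/sh
# Added example: reports which of the directives from the answer's .htaccess
# are absent. check_private_htaccess is a hypothetical helper name.
# Returns 0 if all are present, 1 if any are missing, 2 if unreadable.

check_private_htaccess() {
    file=$1
    [ -r "$file" ] || { echo "UNREADABLE: $file"; return 2; }

    # Trim surrounding whitespace (including CR from CRLF files) and drop
    # comment lines, so a commented-out "# Require all denied" does not count.
    active=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' "$file")

    missing=0
    # One extended regex per required directive. Matching is case-insensitive
    # because Apache directive names are case-insensitive.
    while IFS= read -r pattern; do
        [ -n "$pattern" ] || continue
        if ! printf '%s\n' "$active" | grep -Eiq -- "$pattern"; then
            echo "MISSING: $pattern"
            missing=$((missing + 1))
        fi
    done <<'EOF'
^Require[[:space:]]+all[[:space:]]+denied$
^Deny[[:space:]]+from[[:space:]]+all$
^Options[[:space:]].*-ExecCGI
^SetHandler[[:space:]]+Drupal_Security_Do_Not_Remove_See_SA_2013_003$
^php_flag[[:space:]]+engine[[:space:]]+off$
EOF
    [ "$missing" -eq 0 ]
}

# Usage: sh check.sh /path/to/private/.htaccess
if [ "$#" -gt 0 ]; then
    check_private_htaccess "$1"
fi
```

This inspects only the text of the file. The directives take effect only if Apache is configured to honor .htaccess files in that directory (`AllowOverride`).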