Re: Erroneous dev folder not protected

anchorpad · ‎12-09-2019

With last night's Security Scan on our 1.9.4.0 installation, it is suddenly reporting:

"Your Magento installation /dev folder is not protected /dev/tests/functional/etc/config.xml Operation timed out after 30001 milliseconds with 0 out of -1 bytes received "

All other daily security scans up to last night did not report this, and I have verified our .htaccess file exists and contains:

Order deny,allow
Deny from all

I am assuming this is another bug in the security scan code since it appears their scan was not able to gain access to the /dev/tests/functional/etc/config.xml file. If I am wrong, someone please inform me. Thanks.

theMageComp · ‎12-09-2019

Hello @anchorpad

I am not sure if you are using magereport or default Magento security scan tool

But just to let you know, magereport don't have access to your files, so sometimes they just show in grey colour. They are not sure if it fixed or not.

Ensure that a file called /dev/.htaccess exists and contains the following lines:

1 2	Order deny,allow Deny from all

Was my answer helpful? You can accept it as a solution.
175+ Professional Extensions for M1 & M2
Need a developer?Just visit Contact Us Now

anchorpad · ‎12-09-2019

Using the Magento security scan tool, set to daily scan.
.htaccess does exist with:
Order deny,allow
Deny from all

Rahul Gupta · ‎12-09-2019

@anchorpad check the below link.

https://magento.stackexchange.com/questions/165975/magento-unprotected-development-files-patch

Rahul Gupta · ‎12-09-2019

@anchorpad If .htaccess is there then it is fine.