Solved: Re: How remove "Incoming Message" in backend

tofi · ‎02-08-2017

Hi everyone. I'm working on a new magento installation (2.1.4) CE, actually I've installed version 2.1.3 and have upgraded yesterday via "Web Setup" in the backend. It went smoothly, but I'm seeing these incoming messages everytime I log in to backend.(please see attached picture). System info: Ubuntu 14.04 x64 CGI PHP, no php apache module.

1)The first is a notification about new version 2.1.4 which I already have, so I guess it shouldn't be showing up anymore.

2) The second is a bit more serious, it's about server permission setup I guess. I have folowed the documentation and have set it up correctly I suppose:

a) chown -R magento:www-data html (where magento is a separate user, www-data is apache user, html is my root folder)

b) find . -type d -exec chmod 770 {} \;

c) find . -type f -exec chmod 660 {} \;

d) chmod u+x html/bin/magento;

Isn't this strict enough, are maybe this magento messages cached somewhere and do still appear, even if they shouldn't? Please suggest, much thanks in advance

tofi · ‎02-09-2017

Hi, I've solved the warning about incorrect server setup. The problem was not in file/folder permission, these look setup ok, the way I set them. The issue is the .htaccess file in /rootfolder/app/ which has content

Order deny,allow
Deny from all

This works only for Apache prior to 2.4 version. I have version 2.4.7 which has new syntax for .htaccess files, and this existing .htaccess does not protect the files it should. So replaced existing content with

<RequireAll>
Require all denied
</RequireAll>

and the warning is now gone, note you may have to restart apache2 nad flush the magento cache in order for the changes to take effect.

Now I wonder another thing, Magento 2.1.4 uses .htaccess files a lot, I can find 63 of them on my installation. What should I do now, adjust all of them? Any suggestion welcome.

View solution in original post

tofi · ‎02-09-2017

Hi, I've managed to remove the first one (about upgrade to 2.1.4), I just went to System->Other Settings->Notifications and marked message as read. However I still keep seeing this frustrating thing about missconfiguration, it reads: "Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider." I've removed all premissions and reaplied them like this, but with no success.

chown -R magento:www-data html;
chmod -R a-rwsx html;
find html -type d -exec chmod 770 {} \; && find html -type f -exec chmod 660 {} \; && chmod u+x html/bin/magento

Have you experienced warning like this? Is something wrong with my setup? Thanks again.

tofi · ‎02-09-2017