Magento has several configuration files – one of the most important local.xml
, which contains all of your configuration details. Your database connection, caching connection details, where to store sessions – this is all contained within this file.
If you’ve been running an online store for a while now, you might have noticed something like the following in your error_log
1 |
[Tue Jul 07 12:56:32 2015] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /var/www/vhosts/xxxxx/httpdocs/app/etc/local.xml |
If you look further, you’ll notice that it happens when you try to visit app/etc/local.xml
from your browser, or, usually, every time you visit an admin page.
Why is this happening?
Magento contains a security feature to ensure that you have correctly locked down access to your local.xml
file.
Tracking it down
As app/etc/local.xml
is a file that must exist in a set location, it is fairly easy to track this down to app/code/core/Mage/Adminhtml/Block/Notification/Security.php
The funtion _isFileAccessible()
is called, with reference to private $_filePath = 'app/etc/local.xml';
If you’d like to turn off notifications, take a look at https://www.yireo.com/tutorials/magento/magento-administration/1322-client-denied-by-server-configuration-appetclocalxml. They have a great solution. Simply make an adminhtml local.xml file app/design/adminhtml/default/default/layout/local.xml
and update the layout to remove the notifications blocks.
1 2 3 4 5 6 |
<layout> <default> <remove name="notification_security"></remove> <remove name="notification_survey"></remove> </default> </layout> |
Image Credit: Sunflower Dreams
Comment or tweet @douglasradburn