Magento has several configuration files. One of the most important is local.xml, which contains all of your configuration details. Your database connection, caching connection details, where to store sessions: all of this is contained within this file.

If you’ve been running an online store for a while now, you might have noticed something like the following in your error_log

If you look further, you’ll notice that it happens when you try to visit app/etc/local.xml from your browser, or, usually, every time you visit an admin page.

Why is this happening?

Magento contains a security feature to ensure that you have correctly locked down access to your local.xml file.

Tracking it down

As app/etc/local.xml is a file that must exist in a set location, it is fairly easy to track this down to app/code/core/Mage/Adminhtml/Block/Notification/Security.php

The function _isFileAccessible() is called, with reference to private $_filePath = 'app/etc/local.xml';

If you’d like to turn off notifications, take a look at https://www.yireo.com/tutorials/magento/magento-administration/1322-client-denied-by-server-configuration-appetclocalxml. They have a great solution. Simply create an adminhtml layout file at app/design/adminhtml/default/default/layout/local.xml (a layout file, not the app/etc/local.xml configuration file discussed above) and update the layout to remove the notification blocks.
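Before hiding the notification, it is worth confirming from outside that app/etc/local.xml really is blocked. The script below is an added example, not code from Magento or Yireo: it requests the file the way a browser would and classifies the response. The function names and the `<config` body marker are this example's own choices, and the base URL is whatever store you pass in.

```python
"""Check whether a store's app/etc/local.xml is reachable over HTTP."""
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

FILE_PATH = "app/etc/local.xml"  # the relative path quoted from Security.php above


def http_fetch(url, timeout=5):
    """GET url and return (status, first 2 KiB of body); HTTP errors are results."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(2048)
    except urllib.error.HTTPError as err:
        return err.code, b""


def check_local_xml(base_url, fetch=http_fetch):
    """Return 'exposed', 'protected' or 'inconclusive' for the store at base_url."""
    url = urljoin(base_url.rstrip("/") + "/", FILE_PATH)
    try:
        status, body = fetch(url)
    except OSError:
        # DNS failure, timeout or refused connection: nothing was learned.
        return "inconclusive"
    if status == 200:
        # 200 plus Magento config markup means the web server served the file.
        # 200 without it is usually a themed error page; verify by hand.
        return "exposed" if b"<config" in body else "inconclusive"
    if status in (401, 403, 404):
        # 403 is what a web-server deny rule on app/etc returns.
        return "protected"
    return "inconclusive"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_local_xml.py <store base URL>")
    result = check_local_xml(sys.argv[1])
    print(f"{sys.argv[1]}: {result}")
    # Non-zero exit lets a cron job or CI step alert on anything but 'protected'.
    sys.exit(0 if result == "protected" else 1)
```

Run it against every base URL the store answers on (HTTP and HTTPS, with and without a subdirectory), since a deny rule can be present on one virtual host and missing on another.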
