Sunday, 24 January 2016

Magento admin notice "Your web server is configured ......... hosting provider."

Here is solution to the issue, which comes in magento admin dashboard.
"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider."

Issue Explanation :-
The issue relates with easy access to configuration file by web, i.e.,  
And this should be made unreadable by web.

Solution :- 
Depending on server apache settings any of the following solution may work.
1. Try changing permissions of  app/etc/local.xml to 660. Then check if http://sitename/app/etc/local.xml shows forbidden(or access denied or any error) & then test magento admin dashboard if that error is gone.
2. In case 1 fails, then 
 Try changing permissions of  app/etc/local.xml to 600. Then check if http://sitename/app/etc/local.xml shows forbidden & then test magento admin dashboard if that error is gone. 
3. In case, 1 & 2 both fails then lets discuss it further with me, as there might any other security loophole that too has to be fixed.