.user.ini accessible despite .htaccess rules
-
Hello. I have a number of sites on AWS Lightsail that I recently upgraded to the latest 5-7-2.34 build (Bitnami). WAF scan now reports:
Publicly accessible config, backup, or log file found: .user.ini
The file /.user.ini on these sites are accessible via the browser, however the following exists in the .htaccess file:
# Wordfence WAF <Files ".user.ini"> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files>
The mod_authz_core module is active.
Viewing 6 replies - 1 through 6 (of 6 total)
Viewing 6 replies - 1 through 6 (of 6 total)
- The topic ‘.user.ini accessible despite .htaccess rules’ is closed to new replies.