Log-folder

  • Resolved AleksCee

    (@alekscee)


    1 year, 7 months ago

    Hello, I just figure out that the files in wp-content/plugins/crowdsec/logs/ are accessible directly. Should there not better be protected by htaccess or other methods?

    thanks, Alex

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hello @alekscee ,
    you are right: server-side rules should be added to prevent access to these files. If this is not possible, the logging of files can be completely disabled using the “Disable prod log” parameter.

    As we can not do this in the plugin sources (we don’t know if user works with Apache, Nginx or anything else), I think we should at least add this notice in the advanced settings and add some configuration examples in the documentation.

    Will do so asap.

    Thank you for pointing that out.

    [UPDATE] : For those using Apache, we will add a .htaccess file in the .logs folder with some “deny” directives.

    Hi @alekscee,
    we just published a new 2.3.0 release of the plugin.
    This release contains necessary .htacess and an updated documentation for Nginx users.

    I’m closing this issue. Happy to continue the conversation here or elsewhere.

    Thanks again.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Log-folder’ is closed to new replies.