RainLoop data folder is accessible

Support and Discussion Web Server
#1

When I open the rainloop admin panel I find the following warning:

RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. Read more here: Documentation / Installation / RainLoop Webmail

Could someone help me solve it as I am not getting it, so I know there has to be with .htaccess rules

something like this:

<Location “/usr/local/lscp/cyberpanel/rainloop/data”>
Deny From All

<Directory “/usr/local/lscp/cyberpanel/rainloop/data”>
Require all denied

but it is not working for me when I create .htaccess inside the folder /usr/local/lscp/cyberpanel/rainloop/data

#2

We will take care of this.

#3

This is critical. You have left exposed all the files inside rainloop installation. For example, I can download from https://xxxx:8090/rainloop/data/data/default/configs/ the file application.ini that has all the details (database password etc.) from rainloop installation. It is a MAJOR security hole! I cannot understand how you have left it for over 15 days (!!!) without any response…

#4

Has this been fixed yet? I’m on Cyberpanel 1.8.2 and the Rainloop Admin panel is showing the same warning.

#5

This has been fixed, data folder is now out of the document root of rainloop. I think rainloops check it via rewrite file which we don’t use to protect the folder.

#6

Hello! the warning still continues for me in a new installation that I did

Notice:
Warning!

RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. Read more here: Documentation / Installation / RainLoop Webmail

in the install page of rainloop has the following solution for nginx:

If you are using nginx, add the following to your domain configuration file:

location ^ ~ / data {
deny all;
}

however, nothing for cyberpanel with litespeed ={

#7

You will not be able to access data folder it is out of the document root.

#8
essayservice said: Hello! the warning still continues for me in a new installation that I did

Notice:
Warning!

RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. Read more here: Documentation / Installation / RainLoop Webmail

in the install page of rainloop has the following solution for nginx:

If you are using nginx, add the following to your domain configuration file:

location ^ ~ / data {
deny all;
}

however, nothing for cyberpanel with litespeed ={

You should know you can’t go to a directory outside of the www root.

#9

how to remove the message?

#10

Type your comment> @CyberPanel said:

We will take care of this.

already solved that?

#11

I have installed my server last night and same error is showing in my RainLoop — Admin Panel. Any suggestion, what I have to do?

#12

If it’s fixed and Rainloop keeps showing the warning, how can we let Rainloop know it’s all under control? Where is the document root located? Why not simply add an .htaccess rule there?

#13

Type your comment> @biguenique said:

If it’s fixed and Rainloop keeps showing the warning, how can we let Rainloop know it’s all under control? Where is the document root located? Why not simply add an .htaccess rule there?

The root config files are located here:
/usr/local/lscp/cyberpanel/rainloop/data

1 Like
#14

Hi, have error in rainloop.
RainLoop data folder is accessible. Please configure your web server to hide the data folder from external access. How to fix it? Thanks

#15

connect server with cyberpanel cloud and reset email once and try

#16

Same warning showing in Rainloop v1.14.0 after updating CyberPanel to v2.3.1, although the url returns ‘Not Found’.