5

I just installed Magento 2 on HostGator with Linux+Cpanel.

Everything seems to work fine, however, any change I do on the Configuration it keeps loading and loading and never applies.

I checked the server logs and it shows:

[Thu Mar 03 11:40:43 2016] [error] [client 108.167.165.191] client denied by server configuration: /home3/e9u3j7z1/public_html/magento/app/etc/config.php

The file has 644 permission, because it is required by Cpanel, I tried to change it to 755, 777, 775 but it doesn't solve the problem.

Someone could help?

user37025
  • 1,383
  • 3
  • 19
  • 32

6 Answers6

8

What is the “Client denied by server configuration app/etc/local.xml” error in Magento?

The “Client denied by server configuration app/etc/local.xml” error in the web server error log represents Magento successfully blocking external access to the sensitive information within that file and reflects the normal, secure operation of your Magento installation.

You may safely ignore this message because it reflects the normal, secure operation of your Magento installation.

If the IP address shown in the log is your site’s IP address, it represents the Magento installation performing a routine security check. Its presence in the error logs indicates that the local.xml file, which contains sensitive credentials, is inaccessible over the Web. Your Magento installation performs this check whenever you log into the administrative control panel of your site.

If the IP address in the log is not your site’s IP address, it reflects a successful block of an external attempt to access this file, and is therefore desirable. The access attempts are sometimes made by automatic site scrapers or bots that search for vulnerable websites.

Dayssam
  • 131
  • 1
  • 6
  • Your answer is about Magento 1 whereas the OP asks about Magento 2. – Raphael at Digital Pianism May 26 '16 at 14:19
  • But i got the same apache2 error in all magento2 versions [access_compat:error] [pid 5933] [client 127.0.0.1:48262] AH01797: client denied by server configuration: /var/www/html/app/etc/config.php – Dayssam Jun 30 '16 at 12:22
  • I'm actually getting this same error on a Magento 2 install. client denied by server configuration: /../../html/app/etc/local.xml Perhaps the path is just what someone is attempting to request? – Nick Rolando Oct 06 '21 at 20:00
2

I'm not sure how the files are updated in cpanel, but the error says, that you don't have the permission to access or change the file.

You are not allowed to access the files inside app/etc over the webserver. This behaviour is defined here: https://github.com/magento/magento2/blob/develop/app/.htaccess (pls don't change this, since this would be a serious security issue)

Also, it should not be required to change the config.php file by hand.

To enable a module for example, you should execute this command from the magento root directory:

bin/magento module:enable Namespace_Module

more information on this command can be found here: http://devdocs.magento.com/guides/v2.0/install-gde/install/cli/install-cli-subcommands-enable.html

David Verholen
  • 6,312
  • 1
  • 20
  • 38
1

I had a similar issue with the same error message and it turned out maintenance mode was enabled. Try running this from the root of your install:

php bin/magento maintenance:disable
user37275
  • 11
  • 2
1

Please use this command

find . -type f -exec chmod 644 {} \;                        // 644 permission for files
find . -type d -exec chmod 755 {} \;                        // 755 permission for directory 
find ./var -type d -exec chmod 777 {} \;                // 777 permission for var folder    
find ./pub/media -type d -exec chmod 777 {} \;
find ./pub/static -type d -exec chmod 777 {} \;
chmod 777 ./app/etc
chmod 644 ./app/etc/*.xml
gelanivishal
  • 1,336
  • 1
  • 12
  • 25
0

Just wanted to clarify this for anyone who comes to this page via Google. The "client denied by server configuration" error is produced by Allow / Deny rules you have added or are present in an .htaccess file. You can see this particularly in the error pasted in the last reply...

[access_compat:error] [pid 5933] [client 127.0.0.1:48262] AH01797: client denied by server configuration: /var/www/html/app/etc/config.php

access_compat is an Apache module that allows you to use the old Apache 2.2 Allow and Deny directives in Apache 2.4, although they are deprecated. This gives a clue as to what is preventing access.

I found in my client's installation, he had an htaccess file inside the /app directory with the following...

Order deny,allow Deny from all

Commenting those out resolved the problem. Hope this helps anyone having this issue :-)

Chris
  • 17
  • 1
  • 1
    Someone correct me if I am wrong but commenting out the Apache directives in /app/.htaccess file opens your site up to anonymous site visitors looking at things like the password to the database in /app/etc/local.xml and more. – jschrab Jan 17 '17 at 20:55
  • 1
    @jschrab, you are correct, opening the etc folder to access by anyone is a huge security issue. Right inside the env.php file are all the DB passwords and paths and the crypt key. – dawhoo Jun 06 '17 at 16:11
0

If you are using .htaccess for directory protection, it appears that it may cause this issue. Try removing it or renaming your .htaccess to test.

ctroyp
  • 95
  • 2
  • 10