thumb Posted December 1, 2017 Share Posted December 1, 2017 I know this has had to been asked a million times but searching showed exactly no results. How do I fix these security checks: HTTP Authentication has not been set up for the osCommerce Administration Tool and the /ext/ directory is publicly accessible and/or browsable - please disable directory listing for this directory in your web server configuration. Link to comment Share on other sites More sharing options...
ruden Posted December 1, 2017 Share Posted December 1, 2017 Click a new window opens a page https://library.oscommerce.com/Wiki&oscom_2_3&security_checks&ext_directory_listing Link to comment Share on other sites More sharing options...
MrPhil Posted December 14, 2017 Share Posted December 14, 2017 Note that many hosts no longer permit Options -Indexes in an .htaccess file, for security reasons. An alternative is to create an empty index.html file in that directory, or one that contains a cute message like "You lookin' at me? I said, are you lookin' at me?". The idea with any of these methods is that the system will no longer automatically generate an "index" file listing the directory contents. Be aware that any directories under /ext would need to get their own index.html files. HTTP Authentication is supposed to ask you for an ID and password when you access "protected" areas of the site, such as the admin. osC supplies some suggested files to do this, but they don't work on many servers. Your hosting control panel ought to provide some sort of "password protect a directory" function, which will do the same thing. If you use your host's method, osC's security check might not recognize it, and claim you're unprotected. As long as you have to enter an ID and password to get into the admin, you can ignore osC's warning. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.