Moodle 2.9 apache can access moodle files

Moodle 2.9 apache can access moodle files

by Zola Anderson -
Number of replies: 1

Hi all,

As part of our security work on Moodle installed here, we noticed that the Apache can access Moodle files located in the Moodle folder

For example, We can access from a browser the URL (moodlehost)/userlogin/assets/js/scripts.js and view its content. We can also access all XML files directly from the browser.

Is there a way to restrict such access? I hate to see our environment variable publicly available.

Many thanks

Average of ratings: -
In reply to Zola Anderson

Re: Moodle 2.9 apache can access moodle files

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

userlogin/assets/js/scripts.js is not part of Moodle.

Which XML files are you worries about? There aren't many in Moodle, any anyway all the Moodle code is on github: https://github.com/moodle/moodle

Average of ratings: -