I'm seeing .xml files (and others) on a litespeed server with permissions 644 that Moodle's Security Report is complaining about... Does this seem right? Even if I set them to 444 Moodle still complains. If I set them to 400, I get an 'Info' tag from Moodle in the report and it still complains hoping that "files should not be public (Returned a 403, ideally should be 404)". Any idea how this should be resolved?
In reply to Garth Brady
Re: 644 unacceptable for .xml files (and others) on litespeed?
by Pedro Camacho -
Hi, I don't have the answer, but I have the same question.
In the Moodle's Security Report, appear some .yml, xml and txt files with that warning. I can not found the 404 returned... only 403.
If someone can help us, please?.
Thanks.