Alain Raap

Our problem was solved after a network change, we don't see any session lock timeouts on the server anymore. Probably there was a bottleneck in the routing of the requests that caused these sesion lock timeouts. We couldn't find the cause, maybe a tip to keep in mind that network routing (in large organizations) might cause these kind of errors.

I get a 404 response page, but our wwwroot points to a loadbalancer, maybe that makes a difference in the detection of the vendor folder in the security check? On another server I don't get an error when wwwroot goes to the local machine. Anyway I don't see this as an error in the security check, because the vendor folder doesn't exist on the webserver.

When I access the locations with my browser, I get a 404 response for all the locations (/vendor, /vendor/bin/behat and node_modules)

Hi Leon,

I see the second check, but not the first one. It's strange, because /vendor/bin/behat and also node_modules are giving OK as a result and I also see them in the access log. The vendor folder doesn't exist inside my Moodle folder.

Leon, I have a problem with this rewriterule with Apache and Moodle 4.0: "RewriteRule "(\/vendor\/)" - [F]"
Although the directory /vendor doesn't exist in my Moodle application folder, the security check keeps complaining that it exists.
Does the rule checks the existance of any vendor directory in the application folder? With this command 'find ./* | grep '\/vendor\/' | wc -l' I found several 'vendor' directories inside the application directory.