All owncloud data are visible in internet

Security warning in owncloud after new install of owncloud server 10.4.1

Dein Datenverzeichnis und Deine Dateien sind wahrscheinlich vom Internet aus erreichbar. Die .htaccess-Datei funktioniert nicht. Es wird dringend empfohlen, Deinen Webserver dahingehend zu konfigurieren, dass das Datenverzeichnis nicht mehr vom Internet aus erreichbar ist oder dass Du es aus dem Document-Root-Verzeichnis des Webservers herausverschiebst.

I checked it and noticed you can reach everything what is under owncloud directory even config and more.

So the best ist to change DocumentRoot. But how can I reach then owncloud index.php?


it have found the following older FAQ with a translated search. Maybe this information posted there is still valid?

The FAQ I found before but didn’t understand. The Problem is that the new repository installation is incomplete. After installation of owncloud server, I coudn’t reach owncloud login site.

So I changed the documentroot of apache2 from var/www/html to var/www where owncloud is then a subfolder.
But now I know you may not have owncloud as a subfolder of documentroot, because you can reach everything, if you find out the adresses. It’s not only the data folder you can reach, it is everything of configuration like config.php - So everything is unsecure!

And here is how I solved the problem:
Change document root to var/www/html in ‘/etc/apache2/sites-available/000-default.conf’.
By this change owncloud login is not reachable anymore because you need alias configuration in webserver.
The alias you can configure in 000-default.conf, but I did it as recommended in a owncloud.conf which didn’t exist after new installation by repository.
Contents of owncloud.conf as you find here:

Alias /owncloud "/var/www/owncloud/"

<Directory /var/www/owncloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off

 SetEnv HOME /var/www/owncloud
 SetEnv HTTP_HOME /var/www/owncloud

Set the virtual host active in apache with that commands:
a2ensite owncloud.conf
service apache2 reload

Solved Owncloud is running and secure now!!!

1 Like