Running owncloud 10 on ubuntu 18.04 and have found that you can access the owncloud.log from external if you browse to http://server_ip/data/owncloud.log which contains some info I don’t want available externally. How do I stop this file from been opened in a web browser from external. I have tried deleting the file but it recreates when you log in again. I have tried removing all Linux access rights to it, but it is still accessible externally. I have changing the logging method to syslog and then deleted the owncloud.log but it is still accessible from external. Someone please help.
Please check out our docs on that topic:
How about using https if you are concerned with security?
Thanks for the reply.
Sorry yes I am using https, that was a typo in my last post. I have checked and the permissions on the /data/owncloud directory are set correctly but I want to to stop access just to the owncloud.log file.
Hey,
i don’t think that blocking only the owncloud.log is a good idea because other sensitive files within the data directory could be also accessed by external users.
Instead i think it makes more sense to block full access to the /data directory within your web server configuration or by using an .htaccess file.
Thanks for the reply. Could you give a pointer to a guide to doing that or setting up the .htaccess file?
Hey,
i did the following search:
https://central.owncloud.org/search?q=htaccess%20data%20dir
and found the following existing FAQ about this topic. It looks to me that this is a little bit old but maybe it still contains some additional info where to look for more.
Hello,
You should move your data directory out of the public root into a private user folder. This will prevent direct access to any files in the data directory and user files too.
In my case my publice root is /home/user/public_html
I placed the data folder in /home/user/ownload_data/data
Where public_html is public root and ownload_data/data is private folder owned by user.
-Mike
2 Likes