#1 2023-04-09 02:33:45

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Web server root directory configuration is not safe (Windows IIS)

Since the last update to version 10 I could only get it to work by pointing the website directory to a folder after the root folder.

- Physical path: (Unit:\GLPI\home) - All GLPI files are here.
- Bindings: (site.domain.com)
- After accessing the address it shows like this: (URL - site.domain.com/front/central.php).

My installation is done in a Windows environment with IIS.

After updating to version 10.0.7 it fixed this message:
"Web server root directory configuration is not safe as it allows access to non-public files. See installation documentation for more details"

I already included the configuration in (Unit:\GLPI\home\web.config)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Rewrite to GLPI" stopProcessing="true">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php" appendQueryString="true" />
                </rule>
            </rules>
        </rewrite>
        <handlers>
        </handlers>
    </system.webServer>
</configuration>

However, it keeps showing this warning.

What am I doing wrong?

Thanks.


#2 2023-04-09 12:31:28

cedric-anne
Administrator
Registered: 2018-07-02
Posts: 85

Re: Web server root directory configuration is not safe (Windows IIS)

@sandroalves

I do not know how to configure IIS, but you have to define "Unit:\GLPI\home\public" as the root folder of your domain. I guess that the "web.config" file has to be moved to "Unit:\GLPI\home\public".


#3 2023-04-09 14:32:22

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Re: Web server root directory configuration is not safe (Windows IIS)

cedric-anne wrote:

@sandroalves

I do not know how to configure IIS, but you have to define "Unit:\GLPI\home\public" as the root folder of your domain. I guess that the "web.config" file has to be moved to "Unit:\GLPI\home\public".

@cedric-anne, good afternoon.

I pointed the site directory to "Unit:\GLPI\home\public" which has the file (index.php) and a folder (lib).

At the root of "Unit:\GLPI\home\" there is also an index.php.

When I access GLPI (Site://url.domain.com) it automatically redirects to: (Site://url.domain.com/front/central.php)

And it shows like this:

404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

This has happened since I migrated to version 10.

It proceeded to show the full address in the URL path. I found this very strange.

Thanks.


#4 2023-04-11 09:35:46

cedric-anne
Administrator
Registered: 2018-07-02
Posts: 85

Re: Web server root directory configuration is not safe (Windows IIS)

@sandroalves

Not sure of that, but I guess you have to move `Unit:\GLPI\home\web.config` to `Unit:\GLPI\home\public\web.config`


#5 2023-07-27 20:16:06

josec
Member
Registered: 2023-07-27
Posts: 1

Re: Web server root directory configuration is not safe (Windows IIS)

sandroalves wrote:
cedric-anne wrote:

@sandroalves

I do not know how to configure IIS, but you have to define "Unit:\GLPI\home\public" as the root folder of your domain. I guess that the "web.config" file has to be moved to "Unit:\GLPI\home\public".

@cedric-anne, good afternoon.

I pointed the site directory to "Unit:\GLPI\home\public" which has the file (index.php) and a folder (lib).

At the root of "Unit:\GLPI\home\" there is also an index.php.

When I access GLPI (Site://url.domain.com) it automatically redirects to: (Site://url.domain.com/front/central.php)

And it shows like this:

404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

This has happened since I migrated to version 10.

It proceeded to show the full address in the URL path. I found this very strange.

Thanks.


We just did a fresh install on IIS 10 of version 10.0.9 and we have the same problem. Were you able to change the root folder to the public folder? I have tried different things but still get the 404 error mentioned above.


#6 2023-10-24 11:38:48

DanielI
Member
Registered: 2023-10-24
Posts: 1

Re: Web server root directory configuration is not safe (Windows IIS)

@sandroalves,

Hi, I have a fresh installation of GLPI 10.0.10 on IIS and exactly the same problem.

Did you manage to solve this?


#7 2024-03-01 21:41:40

mhoude
Member
Registered: 2024-03-01
Posts: 1

Re: Web server root directory configuration is not safe (Windows IIS)

I had the same problem and finally solved it.

Make sure the default website in IIS points to the public directory of GLPI (right click website in IIS, Manage Website, Advanced settings) and modify the physical path to your GLPI public directory.

Create a web.config file as described on glpi-install.readthedocs.io

Make sure to install the URL Rewrite from Microsoft.

After that you should add IIS_IUSR user default permissions to the security tab of the public folder.

Now you should have access to GLPI with http://localhost only and the GLPI security warning should be gone.

Hope it helps
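
A check for the layout this thread converges on, as an added example that is not part of any post and not GLPI's own code: it assumes only that the IIS site's physical path should be the `public` folder and that `web.config` with the rewrite rule from the first post sits inside it. The function names and the temporary directory tree are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: the rewrite rule from the first post, whitespace trimmed.
WEB_CONFIG = """<configuration><system.webServer><rewrite><rules>
<rule name="Rewrite to GLPI" stopProcessing="true"><match url="^(.*)$" />
  <conditions><add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /></conditions>
  <action type="Rewrite" url="index.php" appendQueryString="true" />
</rule></rules></rewrite></system.webServer></configuration>"""


def is_front_controller(rule):
    """True if the rule rewrites requests that are not existing files to index.php."""
    action = rule.find("action")
    not_file = any(c.get("matchType") == "IsFile" and c.get("negate") == "true"
                   for c in rule.iter("add"))
    return (action is not None and action.get("type") == "Rewrite"
            and action.get("url") == "index.php" and not_file)


def audit_site(physical_path):
    """Return findings for an IIS site path; an empty list means nothing to fix."""
    site, findings = Path(physical_path), []
    if site.name.lower() != "public":
        findings.append("physical path is not the GLPI 'public' directory")
    cfg = site / "web.config"
    if not cfg.is_file():
        return findings + ["web.config not found in physical path"]
    try:
        rules = list(ET.parse(cfg).getroot().iter("rule"))
    except ET.ParseError:
        return findings + ["web.config is not well-formed XML"]
    if not any(is_front_controller(r) for r in rules):
        findings.append("no rule rewriting non-file requests to index.php")
    return findings


def demo_layout(base, config_dir):
    """Constructed tree: home/ and home/public/, with web.config in config_dir."""
    home = Path(base) / "home"
    (home / "public").mkdir(parents=True)
    (home / config_dir / "web.config").write_text(WEB_CONFIG, encoding="utf-8")
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_site(demo_layout(tmp, ".")))  # bound to the folder above public
```

Binding the site to `public` while leaving `web.config` one level up is the state reported in post #3: the audit then returns the "web.config not found" finding, which matches the 404 on /front/central.php because no rewrite rule is in effect.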
