My feedback

  1. 5 votes
    Sign in
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Service Improvement » Applications  ·  Flag idea as inappropriate…  ·  Admin →
    Eddie commented  · 

    As per the official document of moodle it is not absolutely necessary to have the datadirectory outside the webroot. Please review official note below

    Official Statement:
    Security warning: For security purposes, it is CRITICAL that this directory is NOT accessible directly via the web. The easiest way to do this is to simply locate it OUTSIDE the web site root directory (it is the folder that the main part of your URL -that is, the part up to the first single / - points to; for example, in http://your.domain.com/moodle/admin/cron.php, it is http://your.domain.com/).

    But if you must have it in the web directory (and you are using Apache AND the web server configuration allows .htaccess files to restrict access to directories) then protect it by creating a file in the data directory called .htaccess, containing these lines

    order deny,allow
    deny from all

Feedback and Knowledge Base