The admin/backups/ directory contains database backup files created by Administration Tool -> Tools -> Database Backup.
It is important that public access to this directory is disabled in the web server configration to prevent unauthorized access of the contents in the directory.
After applying the following configuration, confirm the change by accessing the admin/backups/ directory with your browser. If you receive a Forbidden 403 error page, the configuration was applied successfully. If you receive an Internal Server 500 error page, undo the changes performed and contact your hosting provider or visit our support page for further help.
Create or edit the following file and add the following rule:
admin/backups/.htaccess
<Files *>
Order Deny,Allow
Deny from all
</Files>Create or edit the following file and add the following rule:
admin/backups/web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="backups" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>In the server configuration, add the autoindex directive to the location block with the correct directory location:
server {
...
location /admin/backups/ {
deny all;
}
}