client denied by server configuration (local.xml)

In short, messages equivalent to

client denied by server configuration: /path/to/Magento/app/etc/local.xml

do not indicate an error. 

Magento stores database credentials and various other settings in app/etc/local.xml . It is critical that this file is not directly loadable in a browser, because this would then reveal the contents of the file to anyone who requested it directly in an Apache request. This would mean that any other user on a shared server, for example, could gain full access to your database.

To ensure that this file can't be seen in this way, Magento attempts to load the local.xml file itself whenever you load a page in the backend admin. If the local.xml file is viewable, Magento displays a message allong the lines of

Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

The cause of this error is normally a missing .htaccess file in the app/ directory, rather than web server configuration. In this case you need to replace the .htaccess file in the app directory to prevent access to the configuration file and to resolve this. Again, if the .htaccess file correctly blocks access to the local.xml file, the attempt is logged in the error log, resulting it in the "client denied by configuration" message. This can be safely ignored.

  • 79 Users Found This Useful
Was this answer helpful?