web.config accessible to the public (Windows Vulnerability Detected)
Date Published: February 5, 2025
Issue
I got a notice that there is a Windows vulnerability with my application hosted on Acquia Cloud due to a publicly available web.config file.
Resolution
Update your .htaccess to a more recent version. You can see more information relevant to this on Drupal.org: https://www.drupal.org/project/drupal/issues/2974213
Cause
This is most likely caused by an outdated .htaccess file. Note that Acquia Cloud does not use Windows services, so these warnings, raised by security scans or security teams, are application-level issues that developers can resolve.
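To confirm whether a given .htaccess already protects web.config, the following added example (not code from Acquia or Drupal) checks whether any denying `<FilesMatch>` block matches a filename. It assumes the protection is expressed as a `<FilesMatch>` deny rule; the `OLD` and `NEW` rule sets and the function name `denied_by_htaccess` are constructed for illustration.

```python
import re

# Constructed sample rules, not copied from any release: OLD lacks web.config.
OLD = r'''
<FilesMatch "\.(engine|inc|install|module|profile|sh|.*sql|theme|yml)$|^(\.(?!well-known).*|composer\.(json|lock))$">
  Require all denied
</FilesMatch>
'''
NEW = OLD.replace(r"composer\.(json|lock)", r"composer\.(json|lock)|web\.config")

BLOCK = re.compile(r'<FilesMatch\s+"(?P<pattern>[^"]+)"\s*>(?P<body>.*?)</FilesMatch>',
                   re.IGNORECASE | re.DOTALL)
# Apache 2.4 and 2.2 deny syntax. Assumption: a block containing one of these
# is treated as denying; Allow overrides are not evaluated.
DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all|Order\s+allow\s*,\s*deny)\s*$",
                  re.IGNORECASE | re.MULTILINE)


def denied_by_htaccess(htaccess_text, filename):
    """Return True if a denying <FilesMatch> block matches filename (a basename)."""
    # Drop comment lines so a commented-out block is not counted as protection.
    active = "\n".join(line for line in htaccess_text.splitlines()
                       if not line.lstrip().startswith("#"))
    for block in BLOCK.finditer(active):
        if not DENY.search(block.group("body")):
            continue  # block selects files but does not deny them
        try:
            pattern = re.compile(block.group("pattern"))
        except re.error:
            continue  # PCRE syntax Python's re cannot parse: review by hand
        # FilesMatch regexes are unanchored unless the pattern anchors itself.
        if pattern.search(filename):
            return True
    return False


if __name__ == "__main__":
    for label, text in (("old", OLD), ("new", NEW)):
        print(label, "blocks web.config:", denied_by_htaccess(text, "web.config"))
```

Pass the contents of your site's own .htaccess as `htaccess_text`; a `False` result for `web.config` means the file predates the fix or the rule was removed.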