# First, deny access to all files in this directory
<Files "*">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order Deny,Allow
Deny from All
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from All
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</IfModule>
</Files>
Found this in my .htaccess and everything works now that I removed it. Problem is that I don’t know how it ended up there in the first place. It happens every time I clear my browser cookies.
What I mentioned earlier isn’t a solution because you’ll be locked out again if you clear your cookies. To answer your question, there is an .htaccess in the matmo/config directory that has deny all directives. Deleting that may get you into matomo for now, but you’ll be locked out again if you clear cookies from your browser.
We need a real detailed solution. The .htaccess file is generated by Matomo so I don’t know why there isn’t an option to turn off that kind of security. Not sure if this is a Matomo or Openlitespeed issue.
I think its an ssl issue - potentially.
If I set up a matomo instance it will work all day until finally it locks me out if I clear my cache/cookies. I can only get in if I connect it to cloudflare and add
proxy_client_headers[] = HTTP_CF_CONNECTING_IP - after some time it will let me log in.
The problem is that my site has ssl and I don’t need cloudflare. I’m also not behind a proxy to my knowledge. I’m using openlitespeed with quic.cloud. Or maybe quic.cloud is a proxy but I have no idea what to put in my config in order to make it work.
Same issue using Apache. No luck after deleting the .htaccess file in matomo/config. I did also try the various proxy_client_headers settings. Locked out in all cases.
Any hint? Thanks in advance
I have a matomo.domain.com instance, so using cloudflare for that particular domain seems to work for me. Use proxy_client_headers[] = HTTP_CF_CONNECTING_IP in config.ini
Wont work immediately but if you check back in 30min to an hour it should let you in.
Still no luck. Didn’t make a change.
I can see from other posts in the forum that this issue is shared by several other folks.
Could we get some feedback (and hopefully a fix) from the Matomo team? Thanks in advance.
Yes, did that too.
I’ve just tried upgrading to 4.0.4. The whole process went smoothly (I even had the config.ini regenerated), but I still can’t login through the browser.
I’m using the very standard version of the product, no customisation, no addition, no nothing. The app runs on a shared host (ionos 1and1) which I do not control at all, if that is of importance.
My understanding though is that the issue doesn’t seem related to the database, and until now I’ve never bumped into questions related to the use of proxies, so I doubt it is the case here.
Any idea on the possible cause? Thanks
After updating to Matomo 4.0.4, I can no longer log in.
I get the error message:
Error: security checks failed. Please reload the form and check whether your browser allows cookies. If you use a proxy server, you have to set up Matomo so that it accepts proxy headers.
Does not work for none of the accounts. Both domain types (with and without www) are included in config.inc.php as trusted_hosts[]. By standard we have a routing included on www by htaccess. All are on SSL. But that shouldn’t be the problem. Any other ideas?
Thanks, Daniel. Login from https://domain.com does work.
Even though www.domain.com is declared as a trusted host in the config.ini.php, login through www doesn’t work. @Lukas, Matomo is in a subdir, and it is accessed over https.