EasyApache 4 optimize .htaccess removed?
Hello there
In cPanel version 11.68.33, the "optimize .htaccess" settings in the Apache configuration have disappeared.
How do I change the settings here?
Update: This function has been removed due to a security risk.
SEC-401
Summary
Htaccess restrictions bypass when "Htaccess Optimization" enabled.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
The "Htaccess Optimization" functionality introduced in cPanel & WHM version 66 allowed the bypassing of account suspensions and .htaccess based access controls with some configurations. This functionality has been disabled and will be replaced with an alternative optimization method in a future update.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
70.0.23
68.0.33
Does the package that the cPanel user is using have a feature set that has the Optimize Website enabled? (I know it's weird, features are assigned to feature sets which are assigned to packages which are assigned to users)

Also, cPanel 60 is severely out of date.
Hello @vacancy,

The "Optimize .htaccess (AllowOverride)" option in "WHM >> Apache Configuration >> Global Configuration" was removed as part of the most recent targeted security release:

cPanel TSR-2018-0002 Announcement | cPanel Newsroom

Additional information about the removal of this option is scheduled for publication within the next couple of days.

Thank you.
Sorry, my mistake. Version 11.68.33. Thank you for the information, Michael.
I set up WHM: - CENTOS 6.9 virtuozzo
Hi @Sting Nguyen,

I merged your post with this thread. Here's the link noting its removal:

cPanel TSR-2018-0002 Full Disclosure | cPanel Newsroom

Thank you.
Hello,

The following case was included in today's EasyApache 4 update as part of an initial effort to offer some of the benefits associated with the "Optimize .htaccess (AllowOverride)" feature that was removed in the recent security release:

EA-7191: Initial implementation of mod_cpanel: Handle requests to suspended users in apache without requiring an include file to be generated on the product side.

An upcoming blog post or documentation update will include more details on this change. I'll update this thread with a link to that information as soon as it's published.

Thank you.