
Limit server-wide access to error_log

Comments

4 comments

  • cPanelLauren
    Hi @David Colter, actually, you shouldn't need to do this at all - the following directive should be present in the httpd.conf:
        # Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
        Order allow,deny
        Deny from all
        Satisfy All
        Require all denied
    Can you confirm whether or not this exists on your server? The reason the creation of the file failed is most likely because the /etc/apache2/conf.d/userdata/ directory doesn't exist, but as I mentioned before the error_log should be denied already. Thanks!
    0
  • David Colter
    Thank you Lauren, I looked into httpd.conf. The following lines of all the above are MISSING:
        Order allow,deny
        Deny from all
        Satisfy All
    What is the suggested way of having this directive added? Why would they be missing?
    EDIT: I added this to the pre virtualhosts include in WHM. After restarting Apache, they were still not in httpd.conf.
    David
    0
  • cPanelLauren
    Hi @David Colter, adding this to the pre VirtualHost include wouldn't be in the httpd.conf; it would be in the include, and the include would be referenced. If you rebuild the Apache conf with the below steps, is anything changed?
        mv /etc/apache2/conf/httpd.conf{,.bk}
        /scripts/rebuildhttpdconf
        /scripts/restartsrv_httpd
    0
  • David Colter
    No change!!
        root@vps [~]# mv /etc/apache2/conf/httpd.conf{,.bk}
        root@vps [~]# /scripts/rebuildhttpdconf
        Built /etc/apache2/conf/httpd.conf OK
        root@vps [~]# /scripts/restartsrv_httpd
    .... a load of messages, with over a dozen WARNINGS due to ModSecurity settings. (example)
        [Thu Jul 12 01:21:00.262971 2018] [:error] [pid 24452:tid 139695868544768] [client 47.90.92.121:56030] [client 47.90.92.121] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?:\\\\w+\\\\/[\\\\w\\\\-\\\\.]+)(?:;(?:charset=[\\\\w\\\\-]{1,18}|boundary=[\\\\w\\\\-]+)?)?$" against "REQUEST_HEADERS:Content-Type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/32_Apps_OtherApps.conf"] [line "4664"] [id "243930"] [rev "2"] [msg "COMODO WAF: Remote code execution in Apache Struts versions 2.3.31 - 2.3.5 and 2.5 - 2.5.10 (CVE-2017-5638)||xxx.xxx.14.171|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "xxx.xxx.14.171"] [uri "/indexAction.action"] [unique_id "W0blPMWRIVMijBwQRwrsKAAAANQ"]
    (using a COMODO package due to limitations on a WordPress installation) regardless of remote or from WHM Terminal resulting in only the following being in httpd.conf:
        # Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
        Require all denied
    What now?
    0
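
The question the thread keeps returning to, whether the built configuration actually contains a deny rule that covers error_log, can be checked mechanically instead of by eye. The following is an added example, not code from the thread or from cPanel: the function names are hypothetical, and the `<Files>` tags and patterns in the constructed samples are assumptions, since the posts show only the directive lines.

```python
import fnmatch
import re

OPEN = re.compile(r'<\s*(Files|FilesMatch)\s+(.*?)\s*>\s*$', re.I)
CLOSE = re.compile(r'</\s*(Files|FilesMatch)\s*>', re.I)
# Apache 2.4 (Require) and 2.2-style (Deny) ways of refusing every client.
DENY = re.compile(r'(Require\s+all\s+denied|Deny\s+from\s+all)\s*$', re.I)

def file_sections(conf_text):
    """Yield (pattern, is_regex, directives) for each <Files>/<FilesMatch> section."""
    current = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        opened = OPEN.match(line)
        if opened:
            arg = opened.group(2)
            is_regex = opened.group(1).lower() == 'filesmatch' or arg.startswith('~')
            current = (arg.lstrip('~').strip().strip('"'), is_regex, [])
        elif current and CLOSE.match(line):
            yield current
            current = None
        elif current:
            current[2].append(line)

def is_denied(conf_text, filename='error_log'):
    """True if a section whose pattern matches filename holds a deny-all directive."""
    for pattern, is_regex, directives in file_sections(conf_text):
        # "~" and FilesMatch take a regex; a plain <Files> argument is a wildcard.
        matched = (re.search(pattern, filename) if is_regex
                   else fnmatch.fnmatchcase(filename, pattern))
        if matched and any(DENY.match(d) for d in directives):
            return True
    return False

# Constructed samples; section tags and patterns are assumed, not from the thread.
DOTFILES_ONLY = r'''
<Files ~ "^\.(ht|user\.ini|php\.ini)">
    Require all denied
</Files>
'''
WITH_ERROR_LOG = DOTFILES_ONLY + r'''
<Files ~ "^error_log$">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
'''
```

Run `is_denied()` over the text of the rebuilt httpd.conf and of the pre-VirtualHost include separately, since the include's contents never appear in httpd.conf itself. This is a static check only: later sections or .htaccess files can change the effective policy, so confirm with a request for an error_log URL that should come back 403.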
