Are these Recommended Options for Apache configuration?
Hello guys. Just wondering: what cPanel or end user features could result broken after disabling FollowSymLinks and leaving only SymLinksIfOwnerMatch and Indexes enabled in Apache Configuration? As seen in attached image.
Thanks in advance.
-
Hey there! According to the Apache docs at core - Apache HTTP Server Version 2.4 FollowSymLinks The server will follow symbolic links in this directory. This is the default setting. Even though the server follows the symlink it does not change the pathname used to match against sections. The FollowSymLinks and SymLinksIfOwnerMatch Options work only in sections or .htaccess files. Omitting this option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.
When it says "in this directory" it is the entire server since we specify "/" as the directory option, as shown in your screenshot. SymLinksIfOwnerMatch will only follow symbolic links for which the target file or directory is owned by the same user id as the link. If FollowSymLinks is removed, I wouldn't expect any symlinks to function, no matter what SymLinksIfOwnerMatch is set to.0 -
Hey there. I know the definitions for those instructions. What I am asking is IF CPANEL DOES REQUIRES IT to be active for some of its features to work correctly. 0 -
cPanel doesn't have any requirements for Apache. You can completely shut off Apache and cPanel will work just fine. 0 -
Ok, great. And in regards of security, turning on only Indexes and SymLinksIfOwnerMatch would be safer than enabling all the other options, is this correct? 0 -
Personally, I think having Indexes on is one of the least secure options to have enabled, but a lot of people like having the directory listing appear. But in general, yes, the fewer options that are enabled, the better. 0 -
I forgot to ask: disablilng FollowSymLinks on WHM's Apache Configuration, could break any cPanel features? 0 -
cPanel doesn't use Apache, so that wouldn't affect our tools at all. 0 -
Ok only customers' websites that relies on these features could see its functionality limited or ruined. Right? 0 -
As stated a few times, cPanel itself does not use Apache. When you make changes to the Apache configuration, it would only affect end-user websites. The recommended settings are already default in the global settings. I get the feeling we'll be saying this a few more times. 0 -
Ok just wanted to super confirm that. You can rest now, soldier. 0
Please sign in to leave a comment.
Comments
10 comments