[Case 109441] Changes to account suspensions with .htaccess
In some very recent version of cPanel a change was made in how accounts are suspended. The suspension process now modifies httpd.conf in-place to include a suspension config for the user's virtual hosts, rather than updating their .htaccess file(s) separately.
This is causing very significant issues for us due to the changes this is making to httpd.conf as well as the requirement to restart Apache after every cPanel account suspension. This is due to the size of our httpd.conf file and this is already minimized.
I cannot find any mention of this significant change in any release notes or change log. The documentation page below does discuss this, however. According to the Google cache and the last modified date on the page, this was written within the last 2-3 days, which is when we started seeing the behavior after the latest cPanel update on 11.42.
-
This isn't EasyApache.. Why move it to the EasyApache forum? To the world: We copied the prior suspendacct perl script over the new one and use that instead. It works fine. The new unsuspendacct handles both cases, too. 0 -
Sorry for the triple-post. It's evident this change to suspensions was made in haste and I believe I've found why, but regardless - I hope the following helps anyone in the predicament we're in: The new suspension implementation introduced on July 21st doesn't preserve the disabling RedirectMatch directives on document roots after a rebuild of httpd.conf. If httpd.conf is rebuilt the include lines are removed from httpd.conf for all suspended accounts through the new mechanism. Though they were added into the httpd.conf,v versioned file, so we do know they existed prior to a rebuild. # rlog /usr/local/apache/conf/httpd.conf,v | head -n 30 RCS file: /usr/local/apache/conf/httpd.conf,v Working file: httpd.conf head: 1.251 branch: locks: strict root: 1.251 access list: symbolic names: keyword substitution: kv total revisions: 251; selected revisions: 251 description: ---------------------------- revision 1.251 locked by: root; date: 2014/07/27 03:16:29; author: root; state: Exp; lines: +609 -1 "Modified by /scripts/rebuildhttpdconf End build_apache_conf" ---------------------------- revision 1.250 date: 2014/07/26 18:31:54; author: root; state: Exp; lines: +30707 -31735 "Modified by /scripts/rebuildhttpdconf End build_apache_conf" ---------------------------- revision 1.249 date: 2014/07/25 20:18:03; author: root; state: Exp; lines: +1 -0 "Modified by /usr/local/cpanel/scripts/suspendacct Edited by ensure_vhost_include_directives() - /usr/local/cpanel/scripts/suspendacct" ---------------------------- revision 1.248 date: 2014/07/25 20:17:25; author: root; state: Exp; lines: +1 -0 "Modified by /usr/local/cpanel/scripts/suspendacct Edited by ensure_vhost_include_directives() - /usr/local/cpanel/scripts/suspendacct" ----------------------------
Here's a quick Python script to re-submit any suspensions detected via the new method that were potentially removed after an httpd.conf build. Note that this does not preserve a cPanel suspension reason for the initial suspension.import os for dirname in os.listdir('/etc/httpd/conf/userdata/std/2/'): filename = os.path.join('/etc/httpd/conf/userdata/std/2/', dirname, '{0}-suspend.conf'.format(dirname)) if os.path.isfile(filename): username = dirname cpuser = open(os.path.join('/var/cpanel/users/', username)).readlines() found = 'SUSPENDED=1\n' in cpuser if found: print 'Resuspending', username os.system('/scripts/suspendacct {0}'.format(username))0 -
Hello :) The change in behavior is to address security concerns. It's announced here, but without the full details yet due to how we handle targeted security releases: cPanel TSR-2014-0005 Announcement Documentation is available at: Manage Account Suspensions What Happens When You Suspend An Account Please ensure you submit a bug report for any issues you encounter with the suspension process: Submit A Bug Report You can post the ticket number here and we can update this thread with the outcome. Thank you. 0 -
Thank you, Michael. I came to that conclusion it was for a security-related matter and that's why it hadn't been explicitly discussed in a release change log.. I'll wait to see what the additional information slated for release today brings. 0 -
Internal case number 109441 is open to address an issue where rebuilding the Apache configuration file with Apache 2.4 can result in unsupensions in limited circumstances. There is currently no specific time frame available for a resolution but the case is open with our development team. Thank you. 0
Please sign in to leave a comment.
Comments
5 comments