How to limit access to error_log

moyo

• May 09, 2017 02:14

Hello; I need to deny the access to error_log for all account created on the server. I want to reject all URL requested for error-logs I need a change on the server which apply on the all accounts on the server. For example when the people enter the error-log URL the system show the error 403. Thank you very much in advance Best Regards

• 

  Dave Smith

  • May 09, 2017 10:35

  You could comment out the below in your httpd config: ErrorLog "logs/error_log" And replace with: #ErrorLog "logs/error_log" Then restart Apache. Or add the following to your .htaccess files: php_flag log_errors Off

  0
• 

  cPanelMichael

  • May 09, 2017 22:23

  Hello @moyo, You could setup an include that applies to all Virtual Hosts on the system and utilize the Apache files directive to block public access to files named "error_log". EX: 1. Run the following command to create the include that applies to all virtual hosts (SSL and non-SSL):
  touch /etc/apache2/conf.d/userdata/denyerrorlog.conf
  2. Save the following lines to this file:
  Require all denied
  3. Rebuild the Apache configuration file:
  /scripts/rebuildhttpdconf
  Thank you.

  0
• 

  moyo

  • May 15, 2017 10:13

  Dear Dave Smith and cPanelMichael Thank you very much for your replies. Unfortunately the problem is still available and people can access to our error logs. I want to do something like this: - Link to error page removed - no one can access to this URL from outside. How can we do this? Best Regards

  0
• 

  cPanelMichael

  • June 01, 2017 14:41

  I want to do something like this: - Link to error page removed - no one can access to this URL from outside.

  
  Could you let us know the steps we can take to reproduce the issue after you implemented the workaround referenced in my last response? Thanks!

  0

Please sign in to leave a comment.