The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[bug?]

Discussion in 'Security' started by ozzieonline, Jan 21, 2013.

  1. ozzieonline

    ozzieonline Well-Known Member

    Joined:
    Dec 20, 2012
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    In the Apache template main.default located in /var/cpanel/templates/apoache2/ is see a couple of times "UserDir disable".

    According to the Apache documentation it should be "UserDir disabled" with a "d" at the end.

    I assume this is a bug and it could cause security risks. Can someone confirm this is a bug, and if so... where is the right place to post a bug?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There is a link, up top of the forums on every page titled "Defects" that will get you going in the right direction if needed.

    Searching that file I can find no "UserDir disable" all say "UserDir disabled"
     
  3. ozzieonline

    ozzieonline Well-Known Member

    Joined:
    Dec 20, 2012
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    That is strange... here is one example... see the last line...

    Code:
    # CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS
    <VirtualHost[% FOREACH nvh IN nvh_slice %] [% nvh %][% END %]>
        ServerName [% servername %]
        ServerAlias cpanel.* whm.* webmail.* webdisk.* autodiscover.* autoconfig.*
        DocumentRoot [% serverroot %]/htdocs
        ServerAdmin [% serveradmin %]
        [%- IF supported.mod_suphp %]
        <IfModule mod_suphp.c>
            suPHP_UserGroup nobody nobody
        </IfModule>
        [%- END %]
        [%- IF supported.mod_security2 %]
        <IfModule mod_security2.c>
            SecRuleEngine Off
        </IfModule>
        [%- END %]
        [%- IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
        UserDir disable
    I will report this bug.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Mine looks like this:

    Code:
    # CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
    [% END %]
    <VirtualHost[% FOREACH nvh IN nvh_slice %] [% nvh %][% END %]>
        ServerName [% servername %]
    [% IF autodiscover_proxy_subdomains %]
        ServerAlias cpanel.* whm.* webmail.* webdisk.* autodiscover.* autoconfig.*
    [% ELSE %]
        ServerAlias cpanel.* whm.* webmail.* webdisk.*
    [% END %]
        DocumentRoot [% serverroot %]/htdocs
        ServerAdmin [% serveradmin %]
        [%- IF supported.mod_suphp %]
        <IfModule mod_suphp.c>
            suPHP_UserGroup nobody nobody
        </IfModule>
        [%- END %]
        [%- IF supported.mod_security2 %]
        <IfModule mod_security2.c>
            SecRuleEngine Off
        </IfModule>
        [%- END %]
        [%- IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
        UserDir disabled
        [%- IF defaultvhost.userdirprotect != '' %]
        UserDir enabled [% defaultvhost.userdirprotect %]
     
  5. ozzieonline

    ozzieonline Well-Known Member

    Joined:
    Dec 20, 2012
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    That's pretty strange :confused:

    Well, I reported it.. hope it gets solved.
     

Share This Page