EasyApache 4 optimize .htaccess removed?

V

vacancy

Well-Known Member
Sep 20, 2012
566
226
93
Turkey
cPanel Access Level
Root Administrator
Hello there

In cpanel version 11.68.33, the "optimize .htaccess" settings in apache configuration are disappear.

How do I change the settings here?

Update: This function has been removed due to security risk.

SEC-401

Summary

Htaccess restrictions bypass when "Htaccess Optimization" enabled.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

The "Htaccess Optimization" functionality introduced in cPanel & WHM version 66 allowed the bypassing of account suspensions and .htaccess based access controls with some configurations. This funtionality has been disabled and will be replaced with an alternative optimization method in a future update.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
70.0.23
68.0.33
 
Last edited:
S

sparek-3

Well-Known Member
Aug 10, 2002
2,173
280
388
cPanel Access Level
Root Administrator
Does the package that the cPanel user is using have a feature set that has the Optimize Website enabled?

(I know it's weird, features are assigned to feature sets which are assigned to packages which are assigned to users)

Also, cPanel 60 is severely out of date.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
Hello @vacancy,

The "Optimize .htaccess (AllowOverride)" option in "WHM >> Apache Configuration >> Global Configuration" was removed as part of the most recent targeted security release:

cPanel TSR-2018-0002 Announcement | cPanel Newsroom

Additional information about the removal of this option is scheduled for publication within the next couple of days.

Thank you.
 
  • Like
Reactions: vacancy
S

Sting Nguyen

Registered
Mar 21, 2018
1
0
1
Vietnam
cPanel Access Level
Website Owner
i setup WHM:
  • CENTOS 6.9 virtuozzo

v68.0.33

- i enabled mod_deflate.
- i go to WHM >> Apache Configuration >> Global Configuration
- i don't know why "Optimize .htaccess (AllowOverride)" in "WHM >> Apache Configuration >> Global Configuration" lost, i don't see "Optimize .htaccess (AllowOverride)"
 
Last edited by a moderator:
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
Hello,

The following case was included in today's EasyApache 4 update as part of an initial effort to offer some of the benefits associated with the "Optimize .htaccess (AllowOverride)" feature that was removed in the recent security release:

EA-7191: Initial implementation of mod_cpanel: Handle requests to suspended users in apache without requiring an include file to be generated on the product side.

An upcoming blog post or documentation update will include more details on this change. I'll update this thread with a link to that information as soon as it's published.

Thank you.
 
  • Like
Reactions: vacancy
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
I SOLVED EasyApache review not detecting changes Web Servers and Applications 4
H EasyApache4 - "/etc/apache2/" and "/etc/httpd/" - why do BOTH directories exist? (CentOS) Web Servers and Applications 6
V Optimize EasyApache and PHP-FPM Web Servers and Applications 4
B Does ZendOptimizer work with php 5.3? Is that in easyapache? Web Servers and Applications 1
O EasyApache & Zend Optimizer Web Servers and Applications 2
Similar threads
SOLVED EasyApache review not detecting changes
EasyApache4 - "/etc/apache2/" and "/etc/httpd/" - why do BOTH directories exist? (CentOS)
Optimize EasyApache and PHP-FPM
Does ZendOptimizer work with php 5.3? Is that in easyapache?
EasyApache & Zend Optimizer
Top Bottom