EasyApache 4 optimize .htaccess removed?

vacancy

Well-Known Member
Sep 20, 2012
468
163
93
Turkey
cPanel Access Level
Root Administrator
Hello there

In cpanel version 11.68.33, the "optimize .htaccess" settings in apache configuration are disappear.

How do I change the settings here?

Update: This function has been removed due to security risk.

SEC-401


Summary

Htaccess restrictions bypass when "Htaccess Optimization" enabled.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

The "Htaccess Optimization" functionality introduced in cPanel & WHM version 66 allowed the bypassing of account suspensions and .htaccess based access controls with some configurations. This funtionality has been disabled and will be replaced with an alternative optimization method in a future update.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
70.0.23
68.0.33
 
Last edited:

sparek-3

Well-Known Member
Aug 10, 2002
2,022
227
368
cPanel Access Level
Root Administrator
Does the package that the cPanel user is using have a feature set that has the Optimize Website enabled?

(I know it's weird, features are assigned to feature sets which are assigned to packages which are assigned to users)

Also, cPanel 60 is severely out of date.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello @vacancy,

The "Optimize .htaccess (AllowOverride)" option in "WHM >> Apache Configuration >> Global Configuration" was removed as part of the most recent targeted security release:

cPanel TSR-2018-0002 Announcement | cPanel Newsroom

Additional information about the removal of this option is scheduled for publication within the next couple of days.

Thank you.
 
  • Like
Reactions: vacancy

Sting Nguyen

Registered
Mar 21, 2018
1
0
1
Vietnam
cPanel Access Level
Website Owner
i setup WHM:
  • CENTOS 6.9 virtuozzo

v68.0.33

- i enabled mod_deflate.
- i go to WHM >> Apache Configuration >> Global Configuration
- i don't know why "Optimize .htaccess (AllowOverride)" in "WHM >> Apache Configuration >> Global Configuration" lost, i don't see "Optimize .htaccess (AllowOverride)"
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

The following case was included in today's EasyApache 4 update as part of an initial effort to offer some of the benefits associated with the "Optimize .htaccess (AllowOverride)" feature that was removed in the recent security release:

EA-7191: Initial implementation of mod_cpanel: Handle requests to suspended users in apache without requiring an include file to be generated on the product side.

An upcoming blog post or documentation update will include more details on this change. I'll update this thread with a link to that information as soon as it's published.

Thank you.
 
  • Like
Reactions: vacancy