Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

EasyApache 4 optimize .htaccess removed?

Discussion in 'EasyApache' started by vacancy, Mar 20, 2018.

  1. vacancy

    vacancy Well-Known Member

    Joined:
    Sep 20, 2012
    Messages:
    189
    Likes Received:
    23
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello there

    In cpanel version 11.68.33, the "optimize .htaccess" settings in apache configuration are disappear.

    How do I change the settings here?

    Update: This function has been removed due to security risk.

    SEC-401


    Summary

    Htaccess restrictions bypass when "Htaccess Optimization" enabled.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

    Description

    The "Htaccess Optimization" functionality introduced in cPanel & WHM version 66 allowed the bypassing of account suspensions and .htaccess based access controls with some configurations. This funtionality has been disabled and will be replaced with an alternative optimization method in a future update.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    70.0.23
    68.0.33
     
    #1 vacancy, Mar 20, 2018
    Last edited: Mar 20, 2018
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,712
    Likes Received:
    96
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Does the package that the cPanel user is using have a feature set that has the Optimize Website enabled?

    (I know it's weird, features are assigned to feature sets which are assigned to packages which are assigned to users)

    Also, cPanel 60 is severely out of date.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @vacancy,

    The "Optimize .htaccess (AllowOverride)" option in "WHM >> Apache Configuration >> Global Configuration" was removed as part of the most recent targeted security release:

    cPanel TSR-2018-0002 Announcement | cPanel Newsroom

    Additional information about the removal of this option is scheduled for publication within the next couple of days.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    vacancy likes this.
  4. vacancy

    vacancy Well-Known Member

    Joined:
    Sep 20, 2012
    Messages:
    189
    Likes Received:
    23
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Sorry my mistake. Version 11.68.33

    Thank you information michael.
     
  5. Sting Nguyen

    Sting Nguyen Registered

    Joined:
    Mar 21, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Vietnam
    cPanel Access Level:
    Website Owner
    i setup WHM:
    • CENTOS 6.9 virtuozzo

    v68.0.33

    - i enabled mod_deflate.
    - i go to WHM >> Apache Configuration >> Global Configuration
    - i don't know why "Optimize .htaccess (AllowOverride)" in "WHM >> Apache Configuration >> Global Configuration" lost, i don't see "Optimize .htaccess (AllowOverride)"
     
    #5 Sting Nguyen, Mar 21, 2018
    Last edited by a moderator: Mar 21, 2018
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following case was included in today's EasyApache 4 update as part of an initial effort to offer some of the benefits associated with the "Optimize .htaccess (AllowOverride)" feature that was removed in the recent security release:

    EA-7191: Initial implementation of mod_cpanel: Handle requests to suspended users in apache without requiring an include file to be generated on the product side.

    An upcoming blog post or documentation update will include more details on this change. I'll update this thread with a link to that information as soon as it's published.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    vacancy likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice