The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Enabling Jail Apache Virtual Hosts Causes 404s on Some Sites

Discussion in 'Security' started by linux4me2, Aug 30, 2016.

  1. linux4me2

    linux4me2 Well-Known Member

    Aug 21, 2015
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I thought I'd pass along my experience implementing symlink race condition protection because it might help someone else.

    I'm running CentOs 6.8 on a Virtuozzo VPS with WHM 58 build 24 with EasyApache4. I was using the Event MPM with suPHP and was very happy with it, but after reading the options for symlink protection, I decided to switch back to Prefork MPM, uninstall suPHP, and install mod_ruid2, then enable Jail Apache Hosts in Tweak Settings.

    Running EasyApache4 to deselect Event MPM, select Prefork MPM, and add mod_ruid2 went flawlessly. However, when I checked the box in Tweak Settings -> Security to enable "Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell", I got a customer call before I even got a chance to start testing.

    Many of the sites, but not all, were returning 404 errors instead of displaying the site. I had already restarted Apache, but that didn't make any difference.

    I saw an old post regarding internal case# 72109, which said, "When the mod_ruid2 + jailed virtualhosts option is enabled, virtfs directories don't get created as needed... The only known workaround at this point is to log into each users' shell account to ensure that the virtfs mount points get created before enabling jailed vhosts..."

    It turned out that logging in to only one of the affected accounts' shells resolved the problem for all the affected accounts, and it seems like everything is working just fine now.

    If you're going to try out mod_ruid2 like I did, before you enable Jail Apache Virtual Hosts, it would be a good idea to log in to at lease one users' shell account before doing so.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    Thank you for taking the time to share your experience, and to provide a workaround to others.

    Internal case CPANEL-3433 was opened to address an issue where enabling "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell." in "WHM >> Tweak Settings" resulted in websites failing to load. It was determined to have been isolated to the use of suPHP. The resolution to this case was to disallow the use of "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell." when suPHP is detected as the PHP handler.

    That said, I was able to reproduce the issue you have described without using suPHP in cPanel 58. However, it looks like the issue is addressed in cPanel version 60 because attempts to reproduce the issue on this version have failed.

    Thank you.

Share This Page