Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to limit access to error_log

Discussion in 'Security' started by moyo, May 9, 2017.

  1. moyo

    moyo Registered

    Joined:
    May 9, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Georgia
    cPanel Access Level:
    Root Administrator
    Hello;

    I need to deny the access to error_log for all account created on the server.
    I want to reject all URL requested for error-logs
    I need a change on the server which apply on the all accounts on the server.

    For example when the people enter the error-log URL the system show the error 403.

    Thank you very much in advance

    Best Regards
     
  2. Dave Smith

    Dave Smith Active Member

    Joined:
    Mar 20, 2016
    Messages:
    31
    Likes Received:
    7
    Trophy Points:
    8
    Location:
    Lisbon
    cPanel Access Level:
    Root Administrator
    You could comment out the below in your httpd config:

    ErrorLog "logs/error_log"

    And replace with:

    #ErrorLog "logs/error_log"

    Then restart Apache.

    Or add the following to your .htaccess files:

    php_flag log_errors Off
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @moyo,

    You could setup an include that applies to all Virtual Hosts on the system and utilize the Apache files directive to block public access to files named "error_log". EX:

    1. Run the following command to create the include that applies to all virtual hosts (SSL and non-SSL):

    Code:
    touch /etc/apache2/conf.d/userdata/denyerrorlog.conf 
    2. Save the following lines to this file:

    Code:
    <files error_log>
       Require all denied
    </files>
    3. Rebuild the Apache configuration file:

    Code:
    /scripts/rebuildhttpdconf
    Thank you.
     
  4. moyo

    moyo Registered

    Joined:
    May 9, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Georgia
    cPanel Access Level:
    Root Administrator
    Dear Dave Smith and cPanelMichael

    Thank you very much for your replies.
    Unfortunately the problem is still available and people can access to our error logs.

    I want to do something like this:

    - Link to error page removed -

    no one can access to this URL from outside.

    How can we do this?
    Best Regards
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you let us know the steps we can take to reproduce the issue after you implemented the workaround referenced in my last response?

    Thanks!
     
Loading...

Share This Page