The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

.htaccess file inside /usr/local/cpanel/base/3rdparty

Discussion in 'Security' started by braweb, May 29, 2013.

  1. braweb

    braweb Member

    Joined:
    Dec 20, 2004
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Colombia
    Some of our 3rdparty applications contain folders that shouldn't be accessible via web, eg squirrelmail "data" folder (/ usr/local/cpanel/base/3rdparty/squirrelmail/data).

    This folder contains a .htaccess file with the following content "Deny from All" but this doesn't make any effect, if I create a file /usr/local/cpanel/base/3rdparty/squirrelmail/data/hello.html when a webmail user is logged in, he can see the content of the fille browsing: https://servername.com:2096/3rdparty/squirrelmail/data/hello.html, even with the .htaccess denagation.

    I put garbage to damaging the syntax of .htaccess trying to cause a 500 error, it does not, so the webserver running the panel doesn't read the file .htaccess.

    Same thing is happening with all the .htacess files inside /usr/local/cpanel/base/3rdparty, like:
    ./phpMyAdmin/libraries/.htaccess
    ./roundcube/program/.htaccess
    ./roundcube/plugins/enigma/home/.htaccess
    ./roundcube/logs/.htaccess
    ./roundcube/config/.htaccess
    ./roundcube/.htaccess
    ./roundcube/temp/.htaccess
    ./squirrelmail/po/.htaccess
    ./squirrelmail/include/.htaccess
    ./squirrelmail/data/.htaccess
    ./squirrelmail/functions/.htaccess
    ./squirrelmail/class/.htaccess
    ./squirrelmail/help/.htaccess
    ./squirrelmail/plugins/squirrelspell/modules/.htaccess
    ./squirrelmail/config/.htaccess
    ./squirrelmail/doc/.htaccess
    ./squirrelmail/contrib/.htaccess
    ./squirrelmail/locale/.htaccess


    How can you do to make the .htaccess file works under cPanel /webmail/ ?

    Thanks a lot,
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,675
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I was able to reproduce this behavior. Could you open a support ticket so we can investigate further and determine if this is in-fact a bug? You can submit a ticket via:

    Submit A Ticket

    Please post the ticket number here so we can track the issue.

    Thank you.
     
  3. braweb

    braweb Member

    Joined:
    Dec 20, 2004
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Colombia
    Hello,

    I received the case ID 69361, but it may take some time as cPanel Dev solve the problem.

    I want to know if there is a temporary solution/patch.
     
  4. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    cPanel does not use apache internally. .htaccess files are not observed or used. Items that you do not want to serve should be moved outside the /usr/local/cpanel/base and /usr/local/cpanel/whostmgr/docroot paths.
     
Loading...

Share This Page