.htaccess file inside /usr/local/cpanel/base/3rdparty

braweb

Member
Dec 20, 2004
20
0
151
Colombia
Some of our 3rdparty applications contain folders that shouldn't be accessible via web, eg squirrelmail "data" folder (/ usr/local/cpanel/base/3rdparty/squirrelmail/data).

This folder contains a .htaccess file with the following content "Deny from All" but this doesn't make any effect, if I create a file /usr/local/cpanel/base/3rdparty/squirrelmail/data/hello.html when a webmail user is logged in, he can see the content of the fille browsing: https://servername.com:2096/3rdparty/squirrelmail/data/hello.html, even with the .htaccess denagation.

I put garbage to damaging the syntax of .htaccess trying to cause a 500 error, it does not, so the webserver running the panel doesn't read the file .htaccess.

Same thing is happening with all the .htacess files inside /usr/local/cpanel/base/3rdparty, like:
./phpMyAdmin/libraries/.htaccess
./roundcube/program/.htaccess
./roundcube/plugins/enigma/home/.htaccess
./roundcube/logs/.htaccess
./roundcube/config/.htaccess
./roundcube/.htaccess
./roundcube/temp/.htaccess
./squirrelmail/po/.htaccess
./squirrelmail/include/.htaccess
./squirrelmail/data/.htaccess
./squirrelmail/functions/.htaccess
./squirrelmail/class/.htaccess
./squirrelmail/help/.htaccess
./squirrelmail/plugins/squirrelspell/modules/.htaccess
./squirrelmail/config/.htaccess
./squirrelmail/doc/.htaccess
./squirrelmail/contrib/.htaccess
./squirrelmail/locale/.htaccess


How can you do to make the .htaccess file works under cPanel /webmail/ ?

Thanks a lot,
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

I was able to reproduce this behavior. Could you open a support ticket so we can investigate further and determine if this is in-fact a bug? You can submit a ticket via:

Submit A Ticket

Please post the ticket number here so we can track the issue.

Thank you.
 

braweb

Member
Dec 20, 2004
20
0
151
Colombia
Hello,

I received the case ID 69361, but it may take some time as cPanel Dev solve the problem.

I want to know if there is a temporary solution/patch.
 

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,488
35
158
cPanel Access Level
DataCenter Provider
cPanel does not use apache internally. .htaccess files are not observed or used. Items that you do not want to serve should be moved outside the /usr/local/cpanel/base and /usr/local/cpanel/whostmgr/docroot paths.