Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

New Thread mod_userdir protection issues

Discussion in 'EasyApache' started by webworker, Jun 14, 2019 at 5:48 PM.

  1. webworker

    webworker Member

    Joined:
    Feb 8, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Hello,

    I've read, re-read, googled, and read some more but I'm still butting up against this issue.

    Under WHM -> Apache mod_userdir Tweak

    I have Enable mod_userdir Protection check marked.
    No hosts are excluded from protection.

    The following occurs:
    accessing http://IP_ADDRESS/~root/ -> 403 Forbidden (along with nobody/admin, other users on the server return 404)
    accessing http://IP_ADDRESS/~random_account_that_doesn't_exist/ -> 404 Not Found

    Desired functionality:
    any attempt to access a user account returns a 404.

    PCI Compliance is fine with setting ErrorDocuments for both error codes (403 and 404) to the same content/response code but I'm not sure how to accomplish that with the standard cPanel error pages that are served by the server IP address or hostname pages.

    Thanks!
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice