The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_userdir

Discussion in 'General Discussion' started by HH-Mike, Dec 27, 2007.

  1. HH-Mike

    HH-Mike Registered

    Joined:
    Dec 22, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    PA
    Maybe I am just not totally understanding this, but I am having some issues with mod_userdir.
    I am trying to enable just 1 domain to be accessible thru http://xxx.xxx.xxx.xxx/~username/

    If the mod_userdir protection tweak is disabled then http://xxx.xxx.xxx.xxx/~username/ works.
    And if I enable mod_userdir protection, then that doesn't work. I get a 404 message.

    The problem I am running into is if mod_userdir protection is enabled (checked) and I enable an Exclude Protection for a domain, then http://xxx.xxx.xxx.xxx/~username/ doesn't work for that domain.

    If I enable the Exclude Protection for DefaultHost, then all the domains are accessible thru http://xxx.xxx.xxx.xxx/~username/ .
    Am I missing a step somewhere?


    WHM 11.11.0 cPanel 11.16.0-R18546
    CENTOS Enterprise 4.6 i686 on standard - WHM X v3.1.0
    Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

    Mike
     
  2. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    I am getting exactly the same -- the setting for DefaultHost governs the behaviour. That means that either all sites are protected or all are unprotected. This may be an old problem for all I know; I have not tried to restrict the mod_userdir settings before.

    Mike, it has been 2 weeks since your post. Did you find a solution to this? We are still running Apache 1.3 and will be upgrading to 2.x soon.
     
  3. HH-Mike

    HH-Mike Registered

    Joined:
    Dec 22, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    PA
    Nope still the same, even on a different server running Stable.
     
  4. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
  5. MonsterWeb

    MonsterWeb Registered

    Joined:
    May 9, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Still no Fix

    Wow, it is amazing that there have been posts on this issue since 2006 and still no solutions. The posts I found are listed below, but still no solutions. I hate to leave mod_userdir disabled on 189 accounts, but it is the only way one client can access the shared ssl. I hope there is a solution for this soon.
     
  6. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    The OP seems to be showing a dotted-quad, not a domain name, could just be a typo but is he trying to do it via the ip or the domain?. Makes a big difference.
     
  7. MonsterWeb

    MonsterWeb Registered

    Joined:
    May 9, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    mod_userdir is by domain. When enabled it prevents users from accessing their account by http://servername.com/~account. Unfortunately, in WHM, it is an all or nothing thing. If enabled, you should be able to exclude specific accounts, but it doesn't work.

    In a nut shell, you can either access all accounts by http://servername.com/~account, or none of them. It seems the exclude option does not work.
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If the exclusions are not working for you, I recommend submitting a support ticket: http://tickets.cpanel.net/submit
     
  9. jdlightsey

    jdlightsey Perl Developer III
    Staff Member

    Joined:
    Mar 6, 2007
    Messages:
    126
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Houston Texas
    cPanel Access Level:
    Root Administrator
    Lets say the hostname is server1.myhost.com and the IP is 1.2.3.4

    Now I have a new account at www.newdomain.com and the account name is "newguy"

    Now if you want to prevent all userdir requests except for the new account, you would:

    1) Turn on mod_userdir protection
    2) Uncheck "exclude protection" on the DefaultHost
    3) Add newguy to the "Additional Users" list for DefaultHost

    With those settings these should work:
    http://1.2.3.4/~newguy/
    http://server1.myhost.com/~newguy/

    This should be prevented:
    http://1.2.3.4/~diffacct/
    http://www.newdomain.com/~diffacct/

    To allow a userdir request to go through you're either (a) excluding all protection on the source domain, or (b) adding the destination account name to the Additional Users list on the source domain. You don't change the settings of the destination domain at all, only the domain that the ~userdir request will originate from.
     
  10. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    Sorry to crash this thread, but is it safe to assume then that with mod_userdir protection enabled, and NOBODY checked, that nobody should be able to access their site with a url like this?

    http://1.2.3.4/~anyacount

    Because that's what I'd assumed, but I'm still seeing IP/~username access for everyone. I'm not sure if I've misunderstood or what, so any clarification you can give would be wonderful. Thank you!
     
  11. aegis

    aegis Well-Known Member

    Joined:
    Jul 6, 2003
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    The interface needs revising

    I had a play with all the settings. It alters the UserDir variable in httpd.conf

    The default global setting is 'UserDir public_html' (ie. ~username works).

    If you 'Enable mod_userdir protection' but all other checkboxes are disabled it adds 'UserDir disabled' to each virtualhost. That is good.

    However, it also adds 'UserDir enabled username' where username is the default user for the virtualhost. This might possibly screw up PCI compliance. I don't think it should be adding in that last line enabling the username at all.

    If you check 'Exclude Protection' then it removes the UserDir settings for that virtualhost, as it should. It then would fall back to public_html.

    If you 'Exclude Protection' on DefaultHost it removes the UserDir settings from *


    The interface is just terrible. I would like to see it changed so that no users are enabled at all if you've enabled protection globally. Then against each domain you can add users you want to exclude protection for and these are added as 'userdir enabled username' lines OR a 'UserDir public_html' line is added if you want anybody.
     
Loading...

Share This Page