Facebook
Twitter
Micro$oft
New Pleskian
This problem is inevitable especially in dealer accounts where the Plesk panel can be a bit of a hassle to turn off fallowsymlink on a server basis.
Attackers can create and read files on other accounts.
To turn off the fallowsymlink directive on a server-by-server basis, follow these steps.
Open the file via SSH or ftp.
Add the following commands to the last line.
Reload the Apache server.
Attackers can create and read files on other accounts.
To turn off the fallowsymlink directive on a server-by-server basis, follow these steps.
Open the file via SSH or ftp.
Code:
nano /etc/httpd/conf.d/userdir.confAdd the following commands to the last line.
Code:
<Directory "/var/www/vhosts/*/httpdocs">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
<Directory "/var/www/vhosts/*/*/">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>Reload the Apache server.
Code:
service httpd reload
