Are these Recommended Options for Apache configuration?

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,354
80
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Hello guys. Just wondering: what cPanel or end user features could result broken after disabling FollowSymLinks and leaving only SymLinksIfOwnerMatch and Indexes enabled in Apache Configuration? As seen in attached image.

Thanks in advance.
 

Attachments

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
Hey there! According to the Apache docs at core - Apache HTTP Server Version 2.4

Code:
FollowSymLinks

    The server will follow symbolic links in this directory. This is the default setting.
    Even though the server follows the symlink it does not change the pathname used to match against <Directory> sections.
    The FollowSymLinks and SymLinksIfOwnerMatch Options work only in <Directory> sections or .htaccess files.
    Omitting this option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.
When it says "in this directory" it is the entire server since we specify "/" as the directory option, as shown in your screenshot.

SymLinksIfOwnerMatch will only follow symbolic links for which the target file or directory is owned by the same user id as the link.

If FollowSymLinks is removed, I wouldn't expect any symlinks to function, no matter what SymLinksIfOwnerMatch is set to.
 

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,354
80
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Hey there. I know the definitions for those instructions.
What I am asking is IF CPANEL DOES REQUIRES IT to be active for some of its features to work correctly.
 

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,354
80
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Ok, great.

And in regards of security, turning on only Indexes and SymLinksIfOwnerMatch would be safer than enabling all the other options, is this correct?
 

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
959
76
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
As stated a few times, cPanel itself does not use Apache. When you make changes to the Apache configuration, it would only affect end-user websites. The recommended settings are already default in the global settings.

I get the feeling we'll be saying this a few more times.
 
  • Like
Reactions: Kent Brockman