Security - Recommended update to httpd.conf files via custombuild

Please see this post on Apache's mailing list: [patch] Fix cross-user symlink race condition vulnerability http://www.gossamer-threads.com/lists/apache/dev/419501

I wonder if that "symlink-protection.patch" is for the same thing as DirectAdmin harden-symlinks-patch option number 2? http://help.directadmin.com/item.php?id=421

If the fix is for the same thing, and if it gets implemented in Apache, then DirectAdmin harden-symlinks-patch might be redundant if Apache releases the fix. But please note, I don't know if the fix is for the exact same thing. Therefore I post here, maybe someone else knows?
 
completely disable FollowSymLinks

Hello.
I'd like to completely disable FollowSymLinks option in .htaccess files.
In CB 2.0 with Apache 2.4, secure_htaccess=yes doesn't work.

With harden_symlinks_patch=yes and secure_htaccess=yes, only the httpd-directories-old.conf file is used for the httpd-directories.conf symbolic link.
How can I use httpd-directories-new.conf in the httpd-directories.conf symbolic link?
 
How can I use httpd-directories-new.conf in the httpd-directories.conf symbolic link?

It's an old thread, but it can probably help somebody who is searching for it...

... just change the symlink with: ln -sf httpd-directories-new.conf httpd-directories.conf

It will break lots of sites I guess. Joomla, WordPress... they all use it as far as I know.
 