Hi there Today i found that "Follow Symbolic Link" set to "No" or "If Owner Match" its not disabling Symlink as its expected to disable whole symlinks For example the symlink2 linked to fakesymlink/../../../../../../../../../../../../../../..//home/user/public_html/ which fakesymlink is a regular directory, when i request symlink2 through litespeed it responses 403 no permission error but when i request for http://woot/symlink2/file.ext it will response the /home/user/public_html/file.ext file with no error! It seems if we create a symlink to a directory, then the files in that directory are reachable through the lsws George, Please take a look in it and update to it me ASAP Thanks
Are you using LiteSpeed with Apache httpd.conf? or configure everything natively. If you use httpd.conf, you need to use "Options" directive. otherwise, you need to set the corresponding option at vhost level as well.
Using cPanel and httpd.conf All of Options directives in httpd.conf have -FollowSymlinks parameters, using LSWS 4.0.6 and 4.0.12 Would you please check it in your labs also?
Please do a force reinstall of 4.0.12 from web console or manually update it, it should have been fixed with latest build.
Dear George, Thanks for your awesome support The bug has been fixed in the latest 4.0.12 build Regards
There is still a minor bug with the symlinks Lets assume we creare a symlink for /home/user2/public_html ( source ) directory to /home/user1/public_html/w00t (dest ) If any RewriteRule matched the request is placed in a .htaccess file in the symlink source path, it will be handled for the request For example in the /home/user2/public_html/ path there is a htaccess to redirect all requests to https instead of http, or any hotlink protection which redirects to another url, requests for http://user2/w00t they will be redirected in order of RewriteRule located there, instead of 403 no permission My apologize for my bad english and very bad explanation.
Are you using LiteSpeed with Apache httpd.conf? or configure everything natively. If you use httpd.conf, you need to use "Options" directive. otherwise, you need to set the corresponding option at vhost level as well.