Mengatasi error “Option FollowSymLinks not allowed here ” redirect web di .htaccess

kemarin ketika saya ingin meredirect url lama domain saya ke url yang baru dengan httaccess (saya bahas di postinga ini https://aldykustyandi.com/redirect-website-dari-domain-lama-ke-domain-baru-301-redirect/ )saya mendapatkan error sebagai berikut di error.log

[Tue Nov 24 20:02:46.211610 2020] [core:alert] [pid 9932] [client 192.168.222.1:40490] /home/aldy/public_html/.htaccess: Option FollowSymLinks not allowed here
[Tue Nov 24 20:02:46.434198 2020] [core:alert] [pid 9928] [client 192.168.222.1:16430] /home/aldy/public_html/.htaccess: Option FollowSymLinks not allowed here, referer: https://aldy.alshifacharity.com/

kondisi nya modul rewrite apache sudah aktif sehingga seharus nya redirect nya berfungsi. ternyata masalah nya ada pada syntax FollowSymLinks di .htaccess nya, FollowSymLinks sudah tidak di perboleh kan lagi di .

dri https://wiki.centos-webpanel.com/options-followsymlinks-not-allowed

In the latest version of cwp we don’t allow any more to use “Options FollowSymLinks” in the .htaccess files as this is a security issue.

Why Options FollowSymLinks is not secure?
This is a big security issue when you have multiple accounts or domains on the same server, an attacker can hack one domain and from there create symbolic links to all other configuration files of the other users/domains.

For example configuration like (wp-config.php, configuration.php) files where database info is stored and then with that data hack all other users/domains on the server.

What is the solution if you need symlinks?
You can use instead “Options SymLinksIfOwnerMatch” this will provide more security.

If you don’t have many users/domains on your server and you need to disable this restriction, you can do that by editing apache vhost for that domain.

Example .htaccess line

Options Indexes SymLinksIfOwnerMatch

In the latest version of cwp we don’t allow any more to use “Options FollowSymLinks” in the .htaccess files as this is a security issue.

Why Options FollowSymLinks is not secure?
This is a big security issue when you have multiple accounts or domains on the same server, an attacker can hack one domain and from there create symbolic links to all other configuration files of the other users/domains.

For example configuration like (wp-config.php, configuration.php) files where database info is stored and then with that data hack all other users/domains on the server.

What is the solution if you need symlinks?
You can use instead “Options SymLinksIfOwnerMatch” this will provide more security.

If you don’t have many users/domains on your server and you need to disable this restriction, you can do that by editing apache vhost for that domain.

Example .htaccess line

Options Indexes SymLinksIfOwnerMatch

maka solusi nya dengan mangganti FollowSymLinks menjadi

SymLinksIfOwnerMatch

lekukan perintah berikut , sesuaikan lokasi folder public_html nya:

root@hosting:~# find /home/aldy/public_html/ -name “.htaccess” -type f -exec sed -i ‘s/FollowSymLinks/SymLinksIfOwnerMatch/g’ {} “;”

kemudian tes , semoga bermanfaat 🙂

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.