cpanelinc / ea-apache2 Goto Github PK

If you have an online business, then your server support is the most important property. The server forms the backbone of your business on which the functioning of your company depends. If it goes down, down goes the reputation of your company and your business. Yes, you have got the creamy layer of business professionals in your office .Prologin averts these situations and makes sure that your server is up 24×7 and that nothing comes in the way of your business with intensive remote infrastructure management service.
http://prologins.com/remote.html

Can we fix?

wow can I edit someone else's comment? I am Perk hear me RAWR!

Hello,

I converted few cPanel servers from EA3 to EA4 to use PHP7 and I found two situations that could be considered as a regression over EA3.

Mod_ruid2 + ModSecurity

Those two work fine together on EA3. When selecting ruid2 in EA4, it wont allow ModSecurity, which is an important module to filter all kind of bad requests.

Symlink race condition patch

Rack911 and Bluehost patch aren't available in EA4, which can be considered as a security regression over EA3. This patch is a great workaround for those who cannot implement protection using filesystem such as Virtuozzo and OpenVZ containers. The only way you provide in your documentation for this situation would be mod_ruid + jailshell however ruid is not compatible with ModSecurity and that would create so many bind mounts on a filesystem that is already a bind mounts (simfs). It's also considered as experimental. It would be great if you could build an apache package with the Rack911 patch for all customers in this situation.

Any thoughts?

Karl

if syntax error or other errors in php
error_log file is generated in current directory, I want it to generate /home/$user/error_log
which file is responsible for this