Php and symlinks


I got some yellow warnings about vulnerabilities in main VM screen.
One is about php and symlinks

Auto fix changed
Options Indexes IncludesNOEXEC FollowSymLinks +ExecCGI
allow from all
AllowOverride All


Options Indexes IncludesNOEXEC SymLinksifOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

This got me a lot of internal server errors like
.htaccess directive
RewriteRule ^es=(.*)$ index.php?t=$1 [NC,L,R]

What do you suggest?
Thank you


It sounds like it’s describing a problem with your .htaccess files… can you paste in the entire error that you’re seeing from the Apache error logs in $HOME/logs/error_log?

And perhaps include the contents of the .htaccess file it’s referring to.



Hello Eric,

This is a part of that .htaccess

RewriteEngine on
Options +FollowSymlinks
RewriteBase /
RewriteRule ^.htaccess$ - [F]

I commented the followSymlinks line and went back to auto fix configuration and all is fine.

Is this enough or should I add other symlink option?

Thank you,

Yup, that should be plenty!

Alternatively, if your app needs to use symlinks, you could change “FollowSymlinks” to read “SymLinksIfOwnerMatch”.


Thank you Eric!