We are implementing some security improvements in order to better secure against vulnerabilities that are known to be present in certain scripts available. Due to this, we are globally disabling +FollowSymLinks, however +FollowSymLinksIfOwnerMatch will remain as a valid option and can be used instead. This will generally not cause any issues, however one script known to be affected by this is Joomla, which uses this directive in it's .htaccess file. As per the notes in the Joomla .htaccess file, you can disable this function should it cause a problem on your site:
For Joomla, edit your .htaccess file and comment out (place a # in front of the like) containing Options +FollowSymLinks
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
# Options +FollowSymLinks
If you experience any issues following this change, please let us know and we will be happy to check your site for you.
Tuesday, January 29, 2013
