Writable directories need to be detectable from within the apache configuration as well as the litespeed configuration.
This will add a greater level of security as we will be able to globally lock down writable directories so attackers cannot execute scripts within them
<Directory {if directoryPerms > 755}>
AllowOverride None
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
</Directory>
This is currently doable via htaccess, but htaccess can be overwritten if perms are not correct.
It is also not controllable on a global level which is important for shared multi tenant server security. As we cannot monitor which directories the end user creates but we want to maintain a specific level of security for the system.
This will add a greater level of security as we will be able to globally lock down writable directories so attackers cannot execute scripts within them
<Directory {if directoryPerms > 755}>
AllowOverride None
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
</Directory>
This is currently doable via htaccess, but htaccess can be overwritten if perms are not correct.
It is also not controllable on a global level which is important for shared multi tenant server security. As we cannot monitor which directories the end user creates but we want to maintain a specific level of security for the system.