We know that removing deny 0.0.0.0/0 will make some trouble in security. I am trying to remove deny 0.0.0.0/0, and tried to create normal user, then i tried to access file manager which owned by adminand yes it accessible. It is mean, a user can see and browse the other site in same server using file manager.
So, why i write this post on bug category ? Because
Normally, i can use file manager with deny 0.0.0.0/0
But, my file manager is not working when i don’t remove deny 0.0.0.0/0 even if i don’t change anything on vhost conf.
I reinstall my CyberPanel, and use same configuration like before, and i use default configuration withdeny 0.0.0.0/0, it is working well, my file manager can be accessed.
But, i tried to :
Create normal user (just say user2)
Create website which owned by normal user (For example, the domain is domain.com, owned by user2)
User 2 login to his CyberPanel dashboard
User 2 try to access file manager other user (for example admin), and yes, it is accessible
If a user could see other user’s file, it is mean, CyberPanel is not ready yet to be used for shared hosting purpose
So, just test it with your environment, and if you have same case with me, it is mean there is bug on file manager. Hope it wil be fixed soon.
