Hi, I have a question related to symlink attack mitigation. I created Debian server based on https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/ and made a test with FOX WSO tool https://shell.prinsh.com/#home. I was able to get configuration files of CMS (wordpress, joomla,...) from others clients folders. (permissions - 644). It seems that the file was able to read shadow file. It create Fox-C directory with customized .htaccess with Options All to disable SymLinksIfOwnerMatch Am I missing something in the configuration ? P.S.: Don't know what exactly the tool is doing, so do not test in prod environment.