Return-Path: X-Original-To: apmail-community-dev-archive@minotaur.apache.org Delivered-To: apmail-community-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7F64218BE3 for ; Sun, 2 Aug 2015 18:47:36 +0000 (UTC) Received: (qmail 99495 invoked by uid 500); 2 Aug 2015 18:47:36 -0000 Delivered-To: apmail-community-dev-archive@community.apache.org Received: (qmail 99163 invoked by uid 500); 2 Aug 2015 18:47:36 -0000 Mailing-List: contact dev-help@community.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@community.apache.org Delivered-To: mailing list dev@community.apache.org Received: (qmail 99151 invoked by uid 99); 2 Aug 2015 18:47:35 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 02 Aug 2015 18:47:35 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 45405D9AB9 for ; Sun, 2 Aug 2015 18:47:35 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.879 X-Spam-Level: ** X-Spam-Status: No, score=2.879 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id YxftNKbzv3FN for ; Sun, 2 Aug 2015 18:47:34 +0000 (UTC) Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id D8DC6212E0 for ; Sun, 2 Aug 2015 18:47:33 +0000 (UTC) Received: by igbpg9 with SMTP id pg9so43977303igb.0 for ; Sun, 02 Aug 2015 11:46:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=igx6RQ8jjLuFtE1a5fzP+ywqrlTecS8XtFYDsvxHvog=; b=i0IiqOhXQtys6HQDweaFmZ0gsGjoz9SvRnRQTXesK7adHLME8QRIXQKSEYcXEhq8TZ QddR+fYE6urm311f+ATOyLnB7/AlLItCaPQLfODEu8YrMPmhYvUT8kh+VCYouOQOfgeM x8OgU2ZRJb8ji0ivVjPeG7GyE3toKiMOUuWp8707EVShjCI83HNQ0vk0MuvFgTfza4HF Er/9CRI4o4xKNfahBMx9pednfPlY+3801MnPn06SSNulYC2TrMdsqmxJ1wBo8TYBr8Jv UK1Sbq6Uxdq40j+7Uq6FiioCGFoRr8SZCgV7jQBXxKCPrLyeC7fRcwxi2DyVnf7hgfJX xW2Q== MIME-Version: 1.0 X-Received: by 10.50.43.193 with SMTP id y1mr18061998igl.89.1438541162665; Sun, 02 Aug 2015 11:46:02 -0700 (PDT) Received: by 10.107.44.80 with HTTP; Sun, 2 Aug 2015 11:46:02 -0700 (PDT) Date: Sun, 2 Aug 2015 20:46:02 +0200 Message-ID: Subject: Apache virtual host security From: =?UTF-8?B?TcOhcmsgTcOzZGx5?= To: dev@community.apache.org Content-Type: multipart/alternative; boundary=089e0111d1befedd45051c587612 --089e0111d1befedd45051c587612 Content-Type: text/plain; charset=UTF-8 Hi, I am pretty new to apache mod development so please be gentle with me. English is not my native language either so in andvance sorry for my mistakes. A few weeks ago I ran into the problem that virtual host are not that separated, as I thought. The most common problem is that the different virtualhosts are not chrotted, so I checked some workarounds, but so far I did not really found a good solution. Today came the idea to me, that I would really try to DO something for this community First of all are my informations up-to date that this problem is not solved? (Separating virtual hosts, [source problem: one VH could reach other files, than the config alloved].) If I am right and it is still an issue, my idea is the folloving: Create an apache file handler and, if the file, that the subprocess would like to reach is out of the "range" it will return with a file handler error. I wonder if it is possible, or what the opinion is about this idea. Thanks in advice: mark --089e0111d1befedd45051c587612--