httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacob Coby" <jc...@listingbook.com>
Subject Re: What am I missing? (subversive vhosts)
Date Thu, 22 Aug 2002 16:21:02 GMT
> If this is done within their <VirtualHost>, my protected directory is
> wide open with a request to their virtual host.  And, it seems to me,
> even if I don't allow editing of their <VirtualHost> blocks, couldn't
> this also be done with .htacces?
>
> What am I missing and how can this be dealt with?

couple solutions:

1) don't let them edit httpd.conf, require everything to be done via
.htaccess.  You are now the admin, and any site changes go through you.
This requres that you do user-level security to prevent them from plopping a
.htaccess in your userdir.  Basically, you give yourself read/write access,
and give the webserver ('nobody') read access.  AFAIK, there is no way to
just give apache read access.  Anybody else know?

2) ipchains/iptables.  That can drop packets to a ip:port.  Not a good
solution since you're using named servers.  Also a problem if you give them
root access.  But if you give them root access, nothing will work to prevent
them from mucking about in your space.

3) trust your friends. letting them edit httpd.conf is a bad, bad thing in
the first place.  :)

-Jacob
http://www.listingbook.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message