httpd-users mailing list archives

From sunil sharma <apache_...@yahoo.com>
Subject RE: [users@httpd] Virtual Hosting security issues
Date Wed, 16 Oct 2002 07:02:36 GMT
First, thanks for the reply.

OK, if I stop it from PHP, then anybody can view the
directory structure by Perl or CGI, and if mod_jk is
there then he can also read from JSP and class files,
so we have to stop it at the Apache level.

Is there any kind of setting in httpd.conf like in
proftpd.conf, where if you mention "DefaultRoot ~"
like this then the user cannot go into others'
directories? This is just a thought which I got.

Is this possible in Apache's case: if I mention
"DefaultRoot ~" like this, then no script can view
others' directories?

So is it possible?

Thanks again


--- Gilles Gros <gillesg@whitepj.com> wrote:
> The problem is not apache, but PHP.
> 
> Look into the safe mode of PHP.
> Disabling some PHP functions should help you.
> 
> Gilles
> 
> > -----Original Message-----
> > From: sunil sharma [mailto:apache_fan@yahoo.com]
> > Sent: Tuesday, October 15, 2002 11:45 PM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Virtual Hosting security issues
> >
> >
> > Hello Friend
> >
> > I am very worried about my virtual host security
> > issues.
> >
> > On my server there are about 550 virtual hosts
> > configured.
> >
> > Following is an example of the virtual hosts setup
> > on my server:
> >
> > VirtualHost no 1 "test.com"
> >
> > #################################################################
> > <VirtualHost 192.168.1.10>
> >    ServerAdmin webmaster@test.com
> >    DocumentRoot /home/test.com/htdocs
> >    ServerName test.com
> >    ServerAlias www.test.com
> >    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
> >    ErrorLog /home/test.com/logs/error_log
> >    CustomLog /home/test.com/logs/access_log combined
> > </VirtualHost>
> > #################################################################
> >
> > VirtualHost No 2 "test1.com"
> >
> > #################################################################
> > <VirtualHost 192.168.1.10>
> >    ServerAdmin webmaster@test.com
> >    DocumentRoot /home/test.com/htdocs
> >    ServerName test.com
> >    ServerAlias www.test.com
> >    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
> >    ErrorLog /home/test.com/logs/error_log
> >    CustomLog /home/test.com/logs/access_log combined
> > </VirtualHost>
> > #################################################################
> >
> > If I upload any PHP script with a file open function,
> > suppose in test.com, I can read the content of
> > test1.com though their user and group are different,
> > and I can also view the whole directory structure of
> > my server.
> >
> > I tried giving "DocumentRoot ~" like this, but it is
> > not working. I am looking for the solution, but can
> > anybody help me with this problem?
> > So is there any way by which I can stop this?
> > Can anybody help with this?
> >
> > Thanks in advance

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
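
Added example, not part of the original messages: with around 550 virtual hosts, a small linter over httpd.conf can list which <VirtualHost> blocks have no per-vhost PHP confinement (the safe mode suggested in the reply) and which share a DocumentRoot. Assumptions: settings are given as mod_php php_admin_flag / php_admin_value lines inside each block, a site's home is the parent of its DocumentRoot as in the posted layout, and open_basedir (not mentioned in the thread) is also accepted; as the reply above points out, this covers PHP only, not Perl/CGI or mod_jk.

```python
import posixpath
import re
VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directives(block):
    """Map lowercased directive name -> list of argument strings for one vhost."""
    out = {}
    for line in block.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            out.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return out

def php_confined(d, home):
    """True if safe_mode is on, or every open_basedir entry stays inside home."""
    ok = any(a.lower().split() == ["safe_mode", "on"] for a in d.get("php_admin_flag", []))
    for arg in d.get("php_admin_value", []):
        kv = arg.split(None, 1)
        if len(kv) == 2 and kv[0].lower() == "open_basedir":
            paths = [posixpath.normpath(p) for p in kv[1].strip('"').split(":")]
            # Compare whole path components so /home/test.com2 does not match /home/test.com
            ok = ok or all(p == home or p.startswith(home + "/") for p in paths)
    return ok

def audit(conf_text):
    """Return (ServerName, finding) pairs; assumes home = parent of DocumentRoot."""
    findings, first_seen = [], {}
    for block in VHOST_RE.findall(conf_text):
        d = directives(block)
        name = d.get("servername", ["(unnamed)"])[0]
        root = posixpath.normpath(d.get("documentroot", ["/"])[0].strip('"'))
        if not php_confined(d, posixpath.dirname(root)):
            findings.append((name, "PHP not confined to its own home"))
        if root in first_seen:
            findings.append((name, "DocumentRoot shared with " + first_seen[root]))
        first_seen.setdefault(root, name)
    return findings

# Constructed sample for illustration; not the poster's real configuration.
SAMPLE = """
<VirtualHost 192.168.1.10>
   DocumentRoot /home/test.com/htdocs
   ServerName test.com
</VirtualHost>
<VirtualHost 192.168.1.10>
   DocumentRoot /home/test.com/htdocs
   ServerName test1.com
   php_admin_value open_basedir /home:/tmp
</VirtualHost>
"""
```

safe_mode was removed in PHP 5.4, so on current PHP only the open_basedir check is meaningful. Settings made globally in php.ini are not seen by this linter.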

