httpd-users mailing list archives

From Sander Holthaus <i...@orangexl.com>
Subject Re: [users@httpd] Virtual Hosting security issues
Date Wed, 16 Oct 2002 23:07:59 GMT
711 means owners can do all, and group and the world can either execute files 
or read directories. I cannot see how this would? Also, doesn't such a 
setting (711) impair functionality of your scripts?

On Wednesday 16 October 2002 14:25, Eelco Alosery wrote:
> I stopped users from reading other users' directories by making a directory
> like www, and for each user I make a new dir in this directory with a
> unique name like my164dir.
> The www directory I have chmod'ed to 0711, and this directory will now
> show up with no result when indexing it through a CGI script.
>
> On Wednesday, 16 Oct 2002 at 09:02 (Europe/Amsterdam), sunil sharma
> wrote the following:
> > First, thanks for the reply.
> > OK, if I stop it from PHP, then anybody can view the
> > directory structure by Perl or CGI, and if mod_jk is
> > there then he can also read from JSP and class files
> > also, so we have to stop it at the Apache level.
> >
> > Is there any kind of setting in httpd.conf like
> > proftpd.conf, where if you mention "DefaultRoot ~"
> > like this then the user cannot go into others'
> > directories? This is just the thought which I got.
> >
> > Is this possible in Apache's case: if I mention
> > DefaultRoot ~ like this, then no script can view
> > others' directories?
> >
> > So is it possible?
> >
> > Thanks again
> >
> > --- Gilles Gros <gillesg@whitepj.com> wrote:
> >> The problem is not apache, but PHP.
> >>
> >> Look into the safe mode of PHP.
> >> Disabling some PHP functions should help you.
> >>
> >> Gilles
> >>
> >>> -----Original Message-----
> >>> From: sunil sharma [mailto:apache_fan@yahoo.com]
> >>> Sent: Tuesday, October 15, 2002 11:45 PM
> >>> To: users@httpd.apache.org
> >>> Subject: [users@httpd] Virtual Hosting security issues
> >>>
> >>> Hello Friend
> >>>
> >>> I am very worried about my virtual host security
> >>> issues.
> >>>
> >>> On my server there are about 550 virtual hosts
> >>> configured.
> >>>
> >>> Following is an example of the virtual host setup
> >>> on my server:
> >>>
> >>> VirtualHost no 1 "test.com"
> >>> #################################################################
> >>> <VirtualHost 192.168.1.10>
> >>>    ServerAdmin webmaster@test.com
> >>>    DocumentRoot /home/test.com/htdocs
> >>>    ServerName test.com
> >>>    ServerAlias www.test.com
> >>>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
> >>>    ErrorLog /home/test.com/logs/error_log
> >>>    CustomLog /home/test.com/logs/access_log combined
> >>> </VirtualHost>
> >>> #################################################################
> >>>
> >>> VirtualHost No 2 "test1.com"
> >>> #################################################################
> >>> <VirtualHost 192.168.1.10>
> >>>    ServerAdmin webmaster@test.com
> >>>    DocumentRoot /home/test.com/htdocs
> >>>    ServerName test.com
> >>>    ServerAlias www.test.com
> >>>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
> >>>    ErrorLog /home/test.com/logs/error_log
> >>>    CustomLog /home/test.com/logs/access_log combined
> >>> </VirtualHost>
> >>> #################################################################
> >>>
> >>> If I upload any PHP script with a file open function,
> >>> suppose in test.com,
> >>> I can read the content of test1.com, though their
> >>> user and group are different,
> >>> and I can also view the whole directory structure of
> >>> my server.
> >>>
> >>> I tried giving "DocumentRoot ~" like this,
> >>> but it is not working. I am looking for a solution, but
> >>> can anybody help me with this problem?
> >>> So is there any way by which I can stop this?
> >>> Can anybody help with this?
> >>>
> >>> Thanks in advance
> >>> ---------------------------------------------------------------------
> >>> The official User-To-User support forum of the Apache HTTP Server Project.
> >>> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>> For additional commands, e-mail: users-help@httpd.apache.org
>
> Kind regards,
>
> Multi-Graphics
> Eelco Alosery
> Koekoeksbloem 11
> 8255 KH  Swifterbant
> Tel : 0321-380014
> Fax : 0321-843340
> info@multi-graphics.nl
> www.multi-graphics.nl


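Added example (not part of the original thread): a small Python audit of the directory layout described in the quoted message, showing what mode 0711 means on a directory. The execute bit lets other users traverse to a name they already know, while the missing read bit stops them from listing the names inside. The sample tree and the directory name my207dir are constructed for illustration.

```python
import os
import stat
import tempfile


def dir_access_for_others(mode):
    """Describe what the 'other' permission bits allow on a directory."""
    can_list = bool(mode & stat.S_IROTH)      # r: read the names inside (readdir)
    can_traverse = bool(mode & stat.S_IXOTH)  # x: enter / resolve a known name
    if can_list and can_traverse:
        return "list+traverse"
    if can_traverse:
        return "traverse-only"
    if can_list:
        return "names-only"
    return "none"


def audit_hosting_root(root):
    """Return {path: access} for root and each immediate subdirectory."""
    report = {root: dir_access_for_others(os.stat(root).st_mode)}
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                mode = entry.stat(follow_symlinks=False).st_mode
                report[entry.path] = dir_access_for_others(mode)
    return report


def build_sample_tree():
    """Constructed sample: parent at 0711, one user dir at 0711, one at 0755."""
    root = tempfile.mkdtemp(prefix="www-")
    for name, mode in (("my164dir", 0o711), ("my207dir", 0o755)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    os.chmod(root, 0o711)  # others may enter known names but not list them
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for path, access in sorted(audit_hosting_root(sample).items()):
        print(f"{access:14} {path}")
```

A per-user directory reported as "list+traverse" can still be enumerated by anyone who learns its name, so the audit flags it even when the parent is 0711.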