httpd-users mailing list archives

From Eelco Alosery <i...@multi-graphics.nl>
Subject Re: [users@httpd] Virtual Hosting security issues
Date Wed, 16 Oct 2002 14:25:35 GMT
I stopped users from reading other users' directories by making a directory
like www, and for each user I make a new dir in this directory with a
unique name like my164dir.
I have chmod'ed the www directory to 0711, and this directory will now
show up with no result when indexing it through a CGI script.

On Wednesday, 16 Oct 2002, at 09:02 (Europe/Amsterdam), sunil sharma
wrote:

> First, thanks for the reply.
> OK, if I stop it from PHP then anybody can view the
> directory structure by Perl or CGI, and if mod_jk is
> there then he can also read from JSP and class files
> too, so we have to stop it at the Apache level.
>
> Is there any kind of setting in httpd.conf like in
> proftpd.conf, where if you mention "DefaultRoot ~"
> like this then the user cannot go into others'
> directories? This is just the thought which I got.
>
> Is this possible in Apache's case: if I mention
> DefaultRoot ~ like this, then no script can view
> others' directories?
>
> So is it possible?
>
> Thanks again
>
>
> --- Gilles Gros <gillesg@whitepj.com> wrote:
>> The problem is not Apache, but PHP.
>>
>> Look into the safe mode of PHP.
>> Disabling some PHP functions should help you.
>>
>> Gilles
>>
>>> -----Original Message-----
>>> From: sunil sharma [mailto:apache_fan@yahoo.com]
>>> Sent: Tuesday, October 15, 2002 11:45 PM
>>> To: users@httpd.apache.org
>>> Subject: [users@httpd] Virtual Hosting security issues
>>>
>>>
>>> Hello Friend
>>>
>>> I am very worried about my virtual host security
>>> issues.
>>>
>>> On my server there are about 550 virtual hosts
>>> configured.
>>>
>>> The following is an example of the virtual host setup
>>> on my server:
>>>
>>> VirtualHost no 1 "test.com"
>>>
>>> #################################################################
>>> <VirtualHost 192.168.1.10>
>>>    ServerAdmin webmaster@test.com
>>>    DocumentRoot /home/test.com/htdocs
>>>    ServerName test.com
>>>    ServerAlias www.test.com
>>>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>>>    ErrorLog /home/test.com/logs/error_log
>>>    CustomLog /home/test.com/logs/access_log combined
>>> </VirtualHost>
>>> #################################################################
>>>
>>> VirtualHost No 2 "test1.com"
>>>
>>> #################################################################
>>> <VirtualHost 192.168.1.10>
>>>    ServerAdmin webmaster@test.com
>>>    DocumentRoot /home/test.com/htdocs
>>>    ServerName test.com
>>>    ServerAlias www.test.com
>>>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>>>    ErrorLog /home/test.com/logs/error_log
>>>    CustomLog /home/test.com/logs/access_log combined
>>> </VirtualHost>
>>> #################################################################
>>>
>>> If I upload any PHP script with a file open function,
>>> suppose in test.com,
>>> I can read the content of test1.com, though their
>>> user and group are different,
>>> and I can also view the whole directory structure of
>>> my server.
>>>
>>> I tried giving "DocumentRoot ~" like this
>>> but it is not working. I am looking for a solution, but
>>> can anybody help me with this problem?
>>> So is there any way by which I can stop this?
>>> Can anybody help with this?
>>>
>>> Thanks in advance
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org


Kind regards,

Multi-Graphics
Eelco Alosery
Koekoeksbloem 11
8255 KH  Swifterbant
Tel : 0321-380014
Fax : 0321-843340
info@multi-graphics.nl
www.multi-graphics.nl
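
The layout described in this message (a shared www directory set to 0711 with one per-user directory under it) can be checked with a short audit, given here as an added example that is not part of the original post. The function names and the second directory name my201dir are constructed for illustration; the sample tree is built in a temporary directory.

```python
import os
import stat
import tempfile


def audit_shared_root(root):
    """Return (path, finding) tuples for a 0711-style shared hosting root."""
    findings = []
    mode = stat.S_IMODE(os.stat(root).st_mode)
    # Read permission on a directory is what allows listing its entries.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append((root, "listable by group/other: directory names leak"))
    # Execute (search) permission is what lets the web server reach a known name.
    if not mode & stat.S_IXOTH:
        findings.append((root, "no o+x: the web server cannot traverse into it"))
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((root, "writable by group/other"))
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        child = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        # 0711 on the parent only hides names; each child needs its own limits.
        if child & stat.S_IROTH:
            findings.append((entry.path, "o+r: anyone who learns the name can list it"))
        if child & stat.S_IWOTH:
            findings.append((entry.path, "o+w: other accounts can modify it"))
    return findings


def build_sample_tree():
    """Constructed sample: www at 0711, one tight and one loose user directory."""
    base = tempfile.mkdtemp()
    www = os.path.join(base, "www")
    os.mkdir(www)
    for name, mode in (("my164dir", 0o711), ("my201dir", 0o755)):
        path = os.path.join(www, name)
        os.mkdir(path)
        os.chmod(path, mode)
    os.chmod(www, 0o711)
    return www


if __name__ == "__main__":
    for path, finding in audit_shared_root(build_sample_tree()):
        print(f"{path}: {finding}")
```

The audit only inspects mode bits; it says nothing about scripts that all run under the same web server account, which is the situation the original question describes.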


