httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gilles Gros" <gill...@whitepj.com>
Subject RE: [users@httpd] Virtual Hosting security issues
Date Wed, 16 Oct 2002 06:52:28 GMT
The problem is not apache, but PHP.

look  into the safe mode of PHP.
disabling some PHP function should help you .

Gilles

> -----Original Message-----
> From: sunil sharma [mailto:apache_fan@yahoo.com]
> Sent: Tuesday, October 15, 2002 11:45 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] Virtual Hosting security issues
>
>
> Hello Friend
>
> I am very worried about my virtual host security
> issues
>
> On my server their are near about 550 virtual host's
> are configured
>
> folloing is the the of example of virtual hosts setup
> on my server
>
> VirtualHost no 1 "test.com"
>
> #################################################################
> <VirtualHost 192.168.1.10>
>    ServerAdmin webmaster@test.com
>    DocumentRoot /home/test.com/htdocs
>    ServerName test.com
>    ServerAlias www.test.com
>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>    ErrorLog /home/test.com/logs/error_log
>    CustomLog /home/test.com/logs/access_log combined
> </VirtualHost>
> ##################################################################
> ############
>
> VirtualHost No 2 "test1.com"
> #################################################################
> <VirtualHost 192.168.1.10>
>    ServerAdmin webmaster@test.com
>    DocumentRoot /home/test.com/htdocs
>    ServerName test.com
>    ServerAlias www.test.com
>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>    ErrorLog /home/test.com/logs/error_log
>    CustomLog /home/test.com/logs/access_log combined
> </VirtualHost>
> ##################################################################
> ############
>
> if I upload any php script with file open function
> suppose in test.com
> i can read  the content of test1.com thought their
> user and group are different
> and also i can view the whole directory structure of
> my server
>
> I tired by giving "DocumetRoot ~" like this
> but it is not working i am finding the solution but
> can any body help me in this problme?
> So it their any way from which i can stop this?
> anybody can help in this?
>
> Thanx in advance
>
>
>
>
> __________________________________________________
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message