From: Eelco Alosery
To: users@httpd.apache.org
Date: Wed, 16 Oct 2002 16:25:35 +0200
Subject: Re: [users@httpd] Virtual Hosting security issues

I stopped users from reading other users' directories by making a directory like www, and for each user I make a new dir in this directory with a unique name like my164dir.
The www directory I have chmodded to 0711, and this directory will now show up with no result when indexing it through a CGI script.

On Wednesday, 16 Oct 2002, at 09:02 (Europe/Amsterdam), sunil sharma wrote:

> First, thanks for the reply.
> OK, if I stop it from PHP then anybody can view the
> directory structure by Perl or CGI, and if mod_jk is
> there then he can also read from JSP and class files
> also, so we have to stop it at the Apache level.
>
> Is there any kind of setting in httpd.conf like in
> proftpd.conf, where if you mention "DefaultRoot ~"
> like this then the user cannot go into others'
> directories? This is just the thought which I got.
>
> Is this possible in Apache's case, that if I mention
> DefaultRoot ~ like this then no script can view
> others' directories?
>
> So is it possible?
>
> Thanks again
>
> --- Gilles Gros wrote:
>> The problem is not Apache, but PHP.
>>
>> Look into the safe mode of PHP.
>> Disabling some PHP functions should help you.
>>
>> Gilles
>>
>>> -----Original Message-----
>>> From: sunil sharma [mailto:apache_fan@yahoo.com]
>>> Sent: Tuesday, October 15, 2002 11:45 PM
>>> To: users@httpd.apache.org
>>> Subject: [users@httpd] Virtual Hosting security issues
>>>
>>> Hello friend,
>>>
>>> I am very worried about my virtual host security
>>> issues.
>>>
>>> On my server there are about 550 virtual hosts
>>> configured.
>>>
>>> The following is an example of the virtual hosts
>>> setup on my server:
>>>
>>> VirtualHost no 1 "test.com"
>>>
>>> #################################################################
>>>
>>> ServerAdmin webmaster@test.com
>>> DocumentRoot /home/test.com/htdocs
>>> ServerName test.com
>>> ServerAlias www.test.com
>>> ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>>> ErrorLog /home/test.com/logs/error_log
>>> CustomLog /home/test.com/logs/access_log combined
>>>
>>> ##############################################################################
>>>
>>> VirtualHost No 2 "test1.com"
>>>
>>> #################################################################
>>>
>>> ServerAdmin webmaster@test.com
>>> DocumentRoot /home/test.com/htdocs
>>> ServerName test.com
>>> ServerAlias www.test.com
>>> ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>>> ErrorLog /home/test.com/logs/error_log
>>> CustomLog /home/test.com/logs/access_log combined
>>>
>>> ##############################################################################
>>>
>>> If I upload any PHP script with a file open function,
>>> suppose in test.com,
>>> I can read the content of test1.com though their
>>> user and group are different,
>>> and also I can view the whole directory structure of
>>> my server.
>>>
>>> I tried giving "DocumetRoot ~" like this
>>> but it is not working. I am finding the solution, but
>>> can anybody help me with this problem?
>>> So is there any way by which I can stop this?
>>> Can anybody help with this?
>>>
>>> Thanks in advance

Kind regards,

Multi-Graphics
Eelco Alosery
Koekoeksbloem 11
8255 KH Swifterbant
Tel : 0321-380014
Fax : 0321-843340
info@multi-graphics.nl
www.multi-graphics.nl

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
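
An added example, not part of the original thread: a permission audit for the layout Eelco describes (a shared parent directory set to 0711 with one hard-to-guess directory per user). The function names and the sample tree are constructed for illustration, and the check assumes the web server and other customers' scripts reach the tree through the "other" permission bits.

```python
import os
import stat
import tempfile

def audit_hosting_root(root):
    """Return (path, issue) findings for a shared root holding one directory per user."""
    findings = []
    mode = stat.S_IMODE(os.stat(root).st_mode)
    # o+r on a directory lets any local account, and so any CGI/PHP script, list its names.
    if mode & stat.S_IROTH:
        findings.append((root, "parent is listable by other users"))
    # o+x must stay set so a process that already knows a name can still enter
    # (assumption: the web server reaches this tree as "other").
    if not mode & stat.S_IXOTH:
        findings.append((root, "parent is not traversable; web server cannot enter"))
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.islink(path) or not os.path.isdir(path):
            continue
        sub = stat.S_IMODE(os.stat(path).st_mode)
        # With o+r and o+x on the user directory, the hidden name is the only barrier.
        if sub & stat.S_IROTH and sub & stat.S_IXOTH:
            findings.append((path, "readable by anyone who learns the name"))
    return findings

def build_sample(parent_mode, user_modes):
    """Create a constructed tree <tmp>/www/<name> with the given modes (sample data)."""
    root = os.path.join(tempfile.mkdtemp(), "www")
    os.mkdir(root)
    for name, mode in user_modes.items():
        user_dir = os.path.join(root, name)
        os.mkdir(user_dir)
        os.chmod(user_dir, mode)
    os.chmod(root, parent_mode)  # set last so the children can be created first
    return root

if __name__ == "__main__":
    # Constructed sample: parent 0711 as in the post, two user directories.
    sample = build_sample(0o711, {"my164dir": 0o755, "my907dir": 0o750})
    for path, issue in audit_hosting_root(sample):
        print(f"{path}: {issue}")
```

A finding on a user directory means the 0711 parent hides only the name: a script that learns the path some other way can still open it.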