httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dragon <>
Subject Re: [users@httpd] Apache 2.2 security concern
Date Sat, 12 May 2007 17:02:33 GMT
Sam Lavitt did speak thusly:

>Based on my research, suexec only works for SSI and CGI, so it would 
>be pointless for providing security with php, and doing 
>mass-hosting, php is something in pretty common use.  And I am 
>sorry, I mis-spoke, the mpm was mpm_perchild for apache 2.0, which 
>apparently is abandoned and broken. (see 
> )  I lack the 
>programing skills that would be needed to repair it unfortunately.
>So is there anything that is functional, maintained, and would allow 
>me to provide the security that would be needed, ideally apache 2.2, 
>if not, at least 2.0?  Or any other webserver which can provide the 
>security needed?
---------------- End original message. ---------------------

PHP provides for this directly.

There is a restrict_base_dir setting that can be applied to each 
virtual host that prevents users from accessing anything outside of 
the specified directory tree.

Go to and check the docs for more info.


  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message