httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patric Falinder <>
Subject [users@httpd] Only let vhosts to browse their DocumentRoot and subdirectories.
Date Fri, 10 Dec 2010 09:21:33 GMT

Recently one of my site got hacked and they uploaded lots of crap to it 
that let them browse through the entire server with a php-script that 
let them do all sorts of things.

I'm not an expert on Apache so thats why I'm asking you for help.
I want to know if/how I can let a certain vhost only to browse the 
content of their folder.

So for example I have this vhost:

<VirtualHost *:80>
DocumentRoot /var/www/test
TransferLog /var/log/apache2/test.log

Right now they can make a file-browser in PHP and go to 
/var/www/othersite, browse /etc and by the looks of it the entire server..

How do I "block" them from browsing the parent directories of there 


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message