httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patric Falinder <patric.falin...@omg.nu>
Subject [users@httpd] Only let vhosts to browse their DocumentRoot and subdirectories.
Date Fri, 10 Dec 2010 09:21:33 GMT
Hi,

Recently one of my site got hacked and they uploaded lots of crap to it 
that let them browse through the entire server with a php-script that 
let them do all sorts of things.

I'm not an expert on Apache so thats why I'm asking you for help.
I want to know if/how I can let a certain vhost only to browse the 
content of their folder.

So for example I have this vhost:

<VirtualHost *:80>
DocumentRoot /var/www/test
ServerName www.test.com
ServerAlias test.com
TransferLog /var/log/apache2/test.log
</VirtualHost>

Right now they can make a file-browser in PHP and go to 
/var/www/othersite, browse /etc and by the looks of it the entire server..

How do I "block" them from browsing the parent directories of there 
DocumentRoot?


Thanks,
-Patric

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message