httpd-users mailing list archives

From "--[ UxBoD ]--" <>
Subject Re: [users@httpd] Chroot a virtual host
Date Wed, 20 Apr 2011 09:55:00 GMT
----- Original Message -----
> Hi,
> I have noticed that when running Joomla, or in fact any browsing
> capable PHP code, I am able to navigate above my virtual host
> document root and look at other virtual host files.
> How would one stop this? I have taken a look at mod_chroot but that
> does not seem to work as ChrootDir can only be used in the main
> configuration and not in the VirtualHost directive.
> For reference I am running Apache 2.2.17.

I have tried to create a second instance of HTTP, running on port 8080, using the following:

LoadModule chroot_module      modules/
LoadModule headers_module     modules/
LoadModule rewrite_module     modules/
LoadModule expires_module     modules/
LoadModule auth_basic_module  modules/
LoadModule php5_module        modules/
LoadModule deflate_module     modules/

LoadFile /lib64/

AddHandler php5-script php

Listen 8080

ChrootDir    /www/
ServerRoot   /
DocumentRoot /htdocs

RequestHeader Set Host
PidFile /var/run/
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15


HostnameLookups Off
LogLevel warn

ErrorLog  /logs/error.log
CustomLog /logs/access.log combined

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

AccessFileName .htaccess

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

<Directory /htdocs>
    Order deny,allow
    Allow from all
    AllowOverride All
</Directory>

Though when I run :-

/usr/local/apache/bin/httpd -f /www/ -k start

it complains that it cannot find the DocumentRoot directory, which would suggest that the Chroot
is not taking place. If I use absolute paths then HTTPD does indeed start, but a phpinfo()
returns the path as being /www/ instead of /htdocs.

Any ideas what I could be doing wrong, please?
Thanks, Phil
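
A diagnostic for the symptom in this message, added here as an example and not part of the original post or of mod_chroot: for each path directive it reports whether the path resolves as written on the host and whether it resolves under ChrootDir. The directive subset, the helper names and the sample directory names are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

DIR_DIRECTIVES = {"documentroot"}                       # argument is a directory
FILE_DIRECTIVES = {"errorlog", "customlog", "pidfile"}  # argument is a file

def audit_paths(conf_text):
    """Return (chroot_dir, {path: (ok_on_host, ok_in_jail)}) for path directives."""
    chroot_dir, found = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        section = re.match(r"<Directory\s+([^>]+)>", line, re.I)
        parts = line.split()
        name = parts[0].lower()
        if section:
            found.append((section.group(1).strip('"'), True))
        elif len(parts) > 1 and name == "chrootdir":
            chroot_dir = parts[1].strip('"')
        elif len(parts) > 1 and name in DIR_DIRECTIVES | FILE_DIRECTIVES:
            found.append((parts[1].strip('"'), name in DIR_DIRECTIVES))
    report = {}
    for path, is_dir in found:
        # Log and pid files may not exist yet, so test their parent directory.
        probe = path if is_dir else os.path.dirname(path)
        jailed = os.path.join(chroot_dir or "/", probe.lstrip("/"))
        report[path] = (os.path.isdir(probe), os.path.isdir(jailed))
    return chroot_dir, report

def demo():
    """Build a constructed jail in a temp dir and audit two constructed configs."""
    jail = tempfile.mkdtemp(prefix="jail-demo-")
    for sub in ("htdocs-demo", "logs-demo"):
        os.mkdir(os.path.join(jail, sub))
    relative = f"ChrootDir {jail}\nDocumentRoot /htdocs-demo\nErrorLog /logs-demo/error.log\n"
    absolute = f"ChrootDir {jail}\nDocumentRoot {jail}/htdocs-demo\n<Directory {jail}/htdocs-demo>\n"
    return jail, audit_paths(relative)[1], audit_paths(absolute)[1]

if __name__ == "__main__":
    jail, relative, absolute = demo()
    for label, report in (("jail-relative", relative), ("host-absolute", absolute)):
        for path, (on_host, in_jail) in report.items():
            print(f"{label:14} {path}: host={on_host} jail={in_jail}")
```

A path that shows host=False and jail=True is one that only exists after the chroot, so a startup complaint about it means the check ran against the host filesystem.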