Posted to users@httpd.apache.org by Patric Falinder <pa...@omg.nu> on 2010/12/10 10:21:33 UTC

[users@httpd] Only let vhosts to browse their DocumentRoot and subdirectories.

Hi,

Recently one of my sites got hacked and they uploaded lots of crap to it 
that let them browse through the entire server with a php-script that 
let them do all sorts of things.

I'm not an expert on Apache so that's why I'm asking you for help.
I want to know if/how I can let a certain vhost only to browse the 
content of their folder.

So for example I have this vhost:

<VirtualHost *:80>
DocumentRoot /var/www/test
ServerName www.test.com
ServerAlias test.com
TransferLog /var/log/apache2/test.log
</VirtualHost>

Right now they can make a file-browser in PHP and go to 
/var/www/othersite, browse /etc and by the looks of it the entire server.

How do I "block" them from browsing the parent directories of their 
DocumentRoot?


Thanks,
-Patric

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Only let vhosts to browse their DocumentRoot and subdirectories.

Posted by FROIDURE Nicolas <fr...@yahoo.fr>.
Hi,

Have a look at suEXEC and suPHP.

++

On 10/12/2010 10:21, Patric Falinder wrote:
> Hi,
>
> Recently one of my sites got hacked and they uploaded lots of crap to 
> it that let them browse through the entire server with a php-script 
> that let them do all sorts of things.
>
> I'm not an expert on Apache so that's why I'm asking you for help.
> I want to know if/how I can let a certain vhost only to browse the 
> content of their folder.
>
> So for example I have this vhost:
>
> <VirtualHost *:80>
> DocumentRoot /var/www/test
> ServerName www.test.com
> ServerAlias test.com
> TransferLog /var/log/apache2/test.log
> </VirtualHost>
>
> Right now they can make a file-browser in PHP and go to 
> /var/www/othersite, browse /etc and by the looks of it the entire 
> server.
>
> How do I "block" them from browsing the parent directories of their 
> DocumentRoot?
>
>
> Thanks,
> -Patric
>

-- 
Regards, Nicolas Froidure, manager, Elitwork SARL.
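
Added example, not part of the original thread and not the Apache project's own configuration: one way the suEXEC suggestion could be applied to the vhost from the question. It assumes PHP is run through mod_fcgid instead of mod_php (SuexecUserGroup only affects CGI-style programs; mod_php keeps running as the server's own User), and the account name `testsite` and the wrapper path are hypothetical placeholders.

```apache
# Assumptions (not from the thread): mod_suexec and mod_fcgid are loaded,
# "testsite" is a dedicated system account created for this vhost, and the
# wrapper path is a placeholder. suexec only runs programs that live under
# its compiled-in document root and are owned by the target user.
#
# Filesystem side, without which per-account execution isolates nothing:
#   /var/www/test        owner testsite:testsite, mode 0750
#   /var/www/othersite   owner is a different account, mode 0750
# The Apache user still needs to read static files, for example through
# membership in each site's group. No "other" permission bits are set, so
# a script running as one site's account cannot list another site's tree.

<VirtualHost *:80>
    DocumentRoot /var/www/test
    ServerName www.test.com
    ServerAlias test.com
    TransferLog /var/log/apache2/test.log

    # CGI/FastCGI programs for this vhost run as testsite, not as the
    # shared server user that every other vhost also runs under.
    SuexecUserGroup testsite testsite

    <Directory /var/www/test>
        Options -Indexes +ExecCGI
        AllowOverride None
        # Hand .php files to a per-site FastCGI wrapper instead of mod_php.
        AddHandler fcgid-script .php
        FcgidWrapper /var/www/fcgi-bin/testsite/php-wrapper .php
    </Directory>
</VirtualHost>
```

With this layout an uploaded PHP script executes with the rights of `testsite` only, so what it can browse is bounded by ordinary file ownership and modes instead of by what the shared Apache user can read.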



