Posted to users@httpd.apache.org by Byron <by...@ozforces.com> on 2003/10/17 10:27:19 UTC

[users@httpd] basedir restrictions with apache.

Evening all :)

I've been hunting for a solution to this problem for quite some time now 
to no avail, so I'm posting in the hope that someone else has run into 
this situation in the past.

*Background*
I am running Apache 1.3.26 with PHP 4.1.2 loaded as a module (oldish, I 
know). It is configured for mass hosting and as such all vhosts are run 
under the same username. Without using separate users there was no 
way I could secure each vhost so they cannot include other hosted files 
not under their home directory. Setting a basedir restriction of '.' 
was the obvious solution and it works nicely except for one really 
annoying issue: if I have a script in, say, 
test.masshosting.com/directory/script.php and I want to include 
test.masshosting.com/morescript.php, I can't, as the basedir restriction 
comes into effect, even though test.masshosting.com is in fact within 
the restraints of what I should be able to access.

The mass vhost config is as below - logically it makes sense as to why 
it occurs but how can we get around this while still remaining secure, 
using one user and keeping the flexible mass hosting structure?

<Directory /web/clans>
        php_admin_flag safe_mode off
        php_admin_value open_basedir "."
        php_admin_value user_dir "htdocs"
</Directory>


<VirtualHost 123.456.678.987>
    UseCanonicalName Off

    LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
    CustomLog /var/log/httpd/access_log.clans vcommon

    RewriteEngine On

    # a ServerName derived from a Host: header may be any case at all
    RewriteMap  lowercase  int:tolower

    ## deal with normal documents first:
    # allow Alias /icons/ to work - repeat for other aliases
    RewriteCond  %{REQUEST_URI}  !^/icons/
    # do the magic
    RewriteRule  ^/(.*)$  /web/clans/${lowercase:%{SERVER_NAME}}/$1
</VirtualHost>

Any help will be much appreciated.

Thanks in advance,

-- 
Byron "Conscience" Scaf
Content Manager - Ozforces Pty. Ltd.
Email: byron@ozforces.com
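
One way to keep a single Apache user and the mass-hosting layout while replacing open_basedir "." with a per-site root, shown as an added example that is not part of the original post. It assumes sites live at /web/clans/<lowercased hostname>/ as the RewriteRule above implies; the function name and output file name are hypothetical.

```shell
#!/bin/sh
# Added example: emit one <Directory> block per hosted site so each vhost's
# open_basedir is its own root instead of ".".
# Assumption: sites live at <base>/<lowercased hostname>/ (from the RewriteRule).
# gen_basedir_blocks is a hypothetical helper name.

LC_ALL=C; export LC_ALL   # make the a-z range below byte-exact

gen_basedir_blocks() {
    base=${1%/}                          # drop one trailing slash
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue        # unmatched glob
        # A symlinked site directory could point outside the hosting tree.
        if [ -L "${dir%/}" ]; then
            echo "skipped symlink: $dir" >&2
            continue
        fi
        name=$(basename "$dir")
        # Accept only names that look like lowercase hostnames; anything
        # else (spaces, quotes, '<') could corrupt the generated config.
        case $name in
            *[!a-z0-9.-]*|-*)
                echo "skipped: $name" >&2
                continue ;;
        esac
        # Trailing slash matters: PHP of this vintage treats open_basedir as
        # a string prefix, so ".../a.com" would also admit ".../a.com.au".
        printf '<Directory %s/%s>\n' "$base" "$name"
        printf '    php_admin_value open_basedir "%s/%s/"\n' "$base" "$name"
        printf '</Directory>\n'
    done
}

# Stand-alone use: sh gen-basedir.sh /web/clans > clans-basedir.conf
if [ "$#" -gt 0 ]; then
    gen_basedir_blocks "$1"
fi
```

The generated file is pulled into httpd.conf with an Include directive and has to be regenerated, followed by a graceful restart, whenever a site directory is added or removed.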


