Posted to users@httpd.apache.org by Byron <by...@ozforces.com> on 2003/10/17 10:27:19 UTC
[users@httpd] basedir restrictions with apache.
Evening all :)
I've been hunting for a solution to this problem for quite some time now
to no avail, so I'm posting in the hope that someone else has run into
this situation in the past.
*Background*
I am running apache 1.3.26 with php 4.1.2 loaded as a module (oldish I
know). It is configured for mass hosting and as such all vhosts are run
under the same username. Without using separate users there was no
way I could secure each vhost so they cannot include other hosted files
not under their home directory. Setting a basedir restriction of '.'
was the obvious solution and it works nicely except for one really
annoying issue: if I have a script in say
test.masshosting.com/directory/script.php and I want to include
test.masshosting.com/morescript.php I can't, as the basedir restriction
comes into effect, even though test.masshosting.com is in fact within
the restraints of what I should be able to access.
The mass vhost config is as below - logically it makes sense as to why
it occurs but how can we get around this while still remaining secure,
using one user and keeping the flexible mass hosting structure?
<Directory /web/clans>
    php_admin_flag safe_mode off
    php_admin_value open_basedir "."
    php_admin_value user_dir "htdocs"
</Directory>
<VirtualHost 123.456.678.987>
    UseCanonicalName Off
    LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
    CustomLog /var/log/httpd/access_log.clans vcommon
    RewriteEngine On
    # a ServerName derived from a Host: header may be any case at all
    RewriteMap lowercase int:tolower
    ## deal with normal documents first:
    # allow Alias /icons/ to work - repeat for other aliases
    RewriteCond %{REQUEST_URI} !^/icons/
    # do the magic
    RewriteRule ^/(.*)$ /web/clans/${lowercase:%{SERVER_NAME}}/$1
</VirtualHost>
Any help will be much appreciated.
Thanks in advance,
--
Byron "Conscience" Scaf
Content Manager - Ozforces Pty. Ltd.
Email: byron@ozforces.com
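
Added illustration (not part of the original post, and not PHP's own code): a Python model of the directory-containment check behind open_basedir, showing why a base of "." blocks the parent-directory include described above, while a base set to the vhost's own root would allow it and still deny other vhosts, including via a symlink. The function names and the temporary directory tree are constructed for this example, and the check is a simplified assumption about how the restriction is evaluated.

```python
import os
import tempfile


def allowed(target, basedirs, script_dir):
    """Simplified open_basedir model: target must resolve inside one base."""
    # Resolve symlinks and ".." before comparing, as a path check must.
    real = os.path.realpath(os.path.join(script_dir, target))
    for base in basedirs:
        # "." stands for the directory of the running script (as in the post).
        root = os.path.realpath(script_dir if base == "." else base)
        if os.path.commonpath([real, root]) == root:
            return True
    return False


def demo():
    # Constructed tree standing in for /web/clans/<hostname>/...
    top = os.path.realpath(tempfile.mkdtemp())
    site = os.path.join(top, "test.masshosting.com")
    other = os.path.join(top, "other.masshosting.com")
    os.makedirs(os.path.join(site, "directory"))
    os.makedirs(other)
    secret = os.path.join(other, "secret.php")
    for path in (os.path.join(site, "morescript.php"), secret):
        open(path, "w").close()
    # A link inside the vhost that points at another vhost's file.
    os.symlink(secret, os.path.join(site, "link.php"))

    script_dir = os.path.join(site, "directory")
    cross = "../../other.masshosting.com/secret.php"
    return {
        # open_basedir "." : include of the parent-directory file is refused
        "dot_parent": allowed("../morescript.php", ["."], script_dir),
        # base = this vhost's root: same include passes
        "vhost_parent": allowed("../morescript.php", [site], script_dir),
        # base = this vhost's root: another vhost stays out of reach
        "vhost_other": allowed(cross, [site], script_dir),
        "vhost_symlink": allowed("../link.php", [site], script_dir),
        # base = shared parent (/web/clans): every vhost can read every other
        "shared_other": allowed(cross, [top], script_dir),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} {'allowed' if result else 'denied'}")
```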