On Tue, 2013-09-17 at 10:15 +1000, Roger wrote:
> I don't grasp the significance of a directory called /html or /better
> or /someothername except that httpd.conf refers to /html. It could
> equally refer to /someothername with the same vulnerability.

Undiplomatic blunt mode - the point would be obvious if you had read the
Apache manual, and understood how to run webservers before you tried to
do something fancy with them.

Learn to use a webserver, in its basic forms, before you try running
something more complex, such as adding Joomla (or anything else) to it.

I understood all of this, years ago, by reading the manuals and
experimenting. I didn't need external information to understand it. The
manuals are going to tell you the same information that we will.

As I've already explained, if I am running virtual hosts, so that I
might run three completely different websites on the same webserver. You
do NOT want browsers to be able to traverse into another webserver just
by them changing filepaths in the URI. And that's the point about not
making virtual hosts as sub-directories inside /var/www/html. They can
all be walked into by the front door of the default webserver.

The same kind of thing applies to running other applications on the
server to form parts of the same website. You keep their content
separated in the directory tree. So that browsers can only access what
they're supposed to, not wade around all over the place because you've
shovelled everything into the same spot.

Reading between the lines, I think you need to learn how to manage
filing systems on your computer, before contemplating webserving them.
I'm not talking about ext3 versus fat, but the concept of storing data
in different, logical, separated, categorised, locations. And, the
concept of chrooting, as that's how the webserver works - it provides
WWW access to sandboxed areas of filespace.

> Are VirtualHosts more secure than /html?

No. They're just treated as another server instance.
Which can be operated with different parameters (including where the
HTML files are located).

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
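An added illustration, not part of the original message or anyone's posted code: a small Python check that reads an httpd configuration and reports any DocumentRoot lying inside another server's DocumentRoot, the layout the message warns against. The sample configuration, host names and function names are constructed for this example; it compares configured paths only and does not follow Include, Alias or symlinks.

```python
import re
from pathlib import PurePosixPath

# Constructed sample config (not from the thread): one virtual host nested
# under the default server's DocumentRoot, one kept outside it.
SAMPLE_CONF = """\
DocumentRoot "/var/www/html"

<VirtualHost *:80>
    ServerName shop.example.com
    DocumentRoot "/var/www/html/shop"
</VirtualHost>

<VirtualHost *:80>
    ServerName blog.example.com
    DocumentRoot /var/www/vhosts/blog
</VirtualHost>
"""

def document_roots(conf_text):
    """Return [(server_name, DocumentRoot)] for the main server and each vhost."""
    main = {"name": "default server", "root": None}
    servers, cur = [main], main
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):          # httpd comments start the line
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            cur = {"name": f"vhost {len(servers)}", "root": None}
            servers.append(cur)
        elif re.match(r"</VirtualHost>", line, re.I):
            cur = main
        elif m := re.match(r"ServerName\s+(\S+)", line, re.I):
            cur["name"] = m.group(1)
        elif m := re.match(r'DocumentRoot\s+"?([^"]+?)"?\s*$', line, re.I):
            cur["root"] = PurePosixPath(m.group(1))
    return [(s["name"], s["root"]) for s in servers if s["root"]]

def nested_roots(conf_text):
    """List (inner_server, inner_root, outer_server, outer_root) for every
    DocumentRoot that sits below another server's DocumentRoot."""
    roots = document_roots(conf_text)
    return [(i_name, str(inner), o_name, str(outer))
            for i_name, inner in roots
            for o_name, outer in roots
            if outer in inner.parents]    # strictly below, never equal

if __name__ == "__main__":
    for i_name, inner, o_name, outer in nested_roots(SAMPLE_CONF):
        print(f"{i_name}: {inner} is also reachable through {o_name} ({outer})")
```

On the sample, only shop.example.com is reported, because its files can also be requested as /shop/... from the default server; moving it next to the blog host under /var/www/vhosts clears the finding.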