-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I need some help in securing a server for shared hosting accounts (apache virtual hosts). Among others, I would like to restrict .cgi, py, pl scripts from being run or served by the server, so I think I should put a .htaccess file in /var/www for restricting, but can't a customer simply put another .htaccess file in his home folder (a subfolder of /var/www) and rewrite my rules? What other things do I need to disable in apache and php (besides sendmail and curl fopen) in order to make a secure shared hosting server? Thank you in advance, any help is highly appreciated - pls provide with the exact syntax to input and where to input. - -- Roberto PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJTynmXAAoJEIN/pSyBJlsRRckH/3Cw1cGWKHNEL3cM2Mv08C5G daEdWfp5hcp9aZQ/d66sb4uFe9IWwxLJgQfQnSgcG8OxcisDJkKtZ45uiIYg0xgH yCrX3iajym/HjTX2VW8s2qBrSBJsi4e0HUVpfVL2ETD6xFqkDZjgPWZPSCmDZxGI B6yviAiqbOTK9ko6zQ7MK3kzoGEuOZLCnOw4vNl+h2o/yKEjoUfnw4Vj3YjqzRqA QJvDbTXyOxlDmhe47SwANB7srF1KRCRTn36XYyYoHieHQ969DQwIz9Ev7U6h7VpV aXUHOaxMcCGyKvBp13dhfyVe90xMMWrcM/0J+C07hdJy6d/HHTCaJlHyon0lEdw= =C9/o -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|