----- Original Message -----
> Hi,
>
> I have noticed that when running Joomla, or in-fact any browsing
> capable PHP code, I am able to navigate above my virtual host
> document root and look at other virtual host files.
>
> How would one stop this ? I have taken a look at mod_chroot but that
> does not seem to work as ChrootDir can only be used in the main
> configuration and not in the VirtualHost directive.
>
> For reference I am running Apache 2.2.17.
I have tried to create a second instance of HTTP, running on port 8080, using the following conf:
LoadModule chroot_module modules/mod_chroot.so
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule expires_module modules/mod_expires.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule php5_module modules/libphp5.so
LoadModule deflate_module modules/mod_deflate.so
LoadFile /lib64/libnss_dns.so.2
AddHandler php5-script php
Listen 8080
ChrootDir /www/somevhost.co.uk
ServerRoot /
DocumentRoot /htdocs
RequestHeader Set Host www.somevhost.co.uk
PidFile /var/run/apache2.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
User somevhost.co.uk
Group somevhost.co.uk
HostnameLookups Off
LogLevel warn
ErrorLog /logs/error.log
CustomLog /logs/access.log combined
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
<Directory /htdocs>
Order deny,allow
Allow from all
AllowOverride All
</Directory>
Though when I run :-
/usr/local/apache/bin/httpd -f /www/somevhost.co.uk/conf/apache2.conf -k start
it complains that it cannot find the DocumentRoot directory which would suggest that the Chroot is not taking place. If I use absolute paths then HTTPD does indeed start but a phpinfo() returns the path as being /www/somevhost.co.uk/htdocs instead of /htdocs.
Any ideas what I could be doing wrong please ?
--
Thanks, Phil
|