----- Original Message ----- > Hi, > > I have noticed that when running Joomla, or in-fact any browsing > capable PHP code, I am able to navigate above my virtual host > document root and look at other virtual host files. > > How would one stop this ? I have taken a look at mod_chroot but that > does not seem to work as ChrootDir can only be used in the main > configuration and not in the VirtualHost directive. > > For reference I am running Apache 2.2.17. I have tried to create a second instance of HTTP, running on port 8080, using the following conf: LoadModule chroot_module modules/mod_chroot.so LoadModule headers_module modules/mod_headers.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule expires_module modules/mod_expires.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule php5_module modules/libphp5.so LoadModule deflate_module modules/mod_deflate.so LoadFile /lib64/libnss_dns.so.2 AddHandler php5-script php Listen 8080 ChrootDir /www/somevhost.co.uk ServerRoot / DocumentRoot /htdocs RequestHeader Set Host www.somevhost.co.uk PidFile /var/run/apache2.pid Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 User somevhost.co.uk Group somevhost.co.uk HostnameLookups Off LogLevel warn ErrorLog /logs/error.log CustomLog /logs/access.log combined <IfModule dir_module> DirectoryIndex index.html index.php </IfModule> AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> <Directory /htdocs> Order deny,allow Allow from all AllowOverride All </Directory> Though when I run :- /usr/local/apache/bin/httpd -f /www/somevhost.co.uk/conf/apache2.conf -k start it complains that it cannot find the DocumentRoot directory which would suggest that the Chroot is not taking place. If I use absolute paths then HTTPD does indeed start but a phpinfo() returns the path as being /www/somevhost.co.uk/htdocs instead of /htdocs. Any ideas what I could be doing wrong please ? -- Thanks, Phil