On April 19, 2011 19:47 , "--[ UxBoD ]--" <uxbod@xxxxxxxxxxxx> wrote:
I have noticed that when running Joomla, or in-fact any browsing capable PHP code, I am able to navigate above my virtual host document root and look at other virtual host files. How would one stop this ? I have taken a look at mod_chroot but that does not seem to work as ChrootDir can only be used in the main configuration and not in the VirtualHost directive.
As an alternative to chroot, you could use privilege separation to achieve what you want, setting up each virtual host to execute PHP code as a different user from all other virtual hosts' users.
There are many ways to implement privilege separation, see http://wiki.apache.org/httpd/PrivilegeSeparation My favorite way is to use FastCGI, although I personally use mod_proxy_fcgi for this rather than mod_fcgid.
-- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx