...

View Full Version : Open_basedir and subdirectories problem



eugene2006
09-18-2006, 07:08 PM
Open_basedir and subdirectories problem
Hi for now I have this httpd-vhosts.conf
php_admin_value open_basedir "C:/aweb/freehosting/users/"

<VirtualHost *:80>
# ServerName pcsny.org
ServerName pcsny

ServerAlias *.pcsny.org
ServerAlias *.massmba.org

VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
php_admin_value open_basedir "C:/aweb/freehosting/users/"
php_admin_value safe_mode 1

<Directory "C:/aweb/freehosting/users/">
Options Indexes Includes FollowSymLinks
AllowOverride none
Order allow,deny
Allow from all
</Directory>
</VirtualHost>


Script makes under the subdirectory
C:/aweb/freehosting/users/
New folders (they are login name of a new user)
e.g
C:/aweb/freehosting/users/newuser1/
C:/aweb/freehosting/users/seconduser2/
C:/aweb/freehosting/users/mywebhosting/

To access to their web pages users have to type subdomains like this

http://Newuser1.massmba.org/
http://seconduser2.massmba.org/
http://mywebhosting.pcsny.org/

how to force users stay in their folders and not to be able to affect other users with malicious code like

r57shell - http-shell by RST/GHC |
http://rst.void.ru | http://ghc.ru | version 1.24
or http://php.spb.ru/remview/
if only I could do something like this
php_admin_value open_basedir "C:/aweb/freehosting/users/%1"
get subdomain entered in browser then fix top folder accessible for this user….
Help?
PS. I am on windows 2003, XAMPP

firepages
09-20-2006, 02:20 AM
dont allow wildcard domains in httpd or virtual confs and then add a new virtual host entry for each subdomain ?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum