Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Sep 2006
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Open_basedir and subdirectories problem

    Open_basedir and subdirectories problem
    Hi for now I have this httpd-vhosts.conf
    php_admin_value open_basedir "C:/aweb/freehosting/users/"

    <VirtualHost *:80>
    # ServerName pcsny.org
    ServerName pcsny

    ServerAlias *.pcsny.org
    ServerAlias *.massmba.org

    VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
    php_admin_value open_basedir "C:/aweb/freehosting/users/"
    php_admin_value safe_mode 1

    <Directory "C:/aweb/freehosting/users/">
    Options Indexes Includes FollowSymLinks
    AllowOverride none
    Order allow,deny
    Allow from all
    </Directory>
    </VirtualHost>


    Script makes under the subdirectory
    C:/aweb/freehosting/users/
    New folders (they are login name of a new user)
    e.g
    C:/aweb/freehosting/users/newuser1/
    C:/aweb/freehosting/users/seconduser2/
    C:/aweb/freehosting/users/mywebhosting/

    To access to their web pages users have to type subdomains like this

    http://Newuser1.massmba.org/
    http://seconduser2.massmba.org/
    http://mywebhosting.pcsny.org/

    how to force users stay in their folders and not to be able to affect other users with malicious code like

    r57shell - http-shell by RST/GHC |
    http://rst.void.ru | http://ghc.ru | version 1.24
    or http://php.spb.ru/remview/
    if only I could do something like this
    php_admin_value open_basedir "C:/aweb/freehosting/users/%1"
    get subdomain entered in browser then fix top folder accessible for this user….
    Help?
    PS. I am on windows 2003, XAMPP

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,040
    Thanks
    10
    Thanked 92 Times in 90 Posts
    dont allow wildcard domains in httpd or virtual confs and then add a new virtual host entry for each subdomain ?
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •