tags:

views:

82

answers:

2
+1  Q: 

Apache configuration. How to forbid root folders viewing

I've added VirtualHost ServerAdmin root@localhost DocumentRoot /var/www/html/blogovet.ru ServerName www.blogovet.ru ServerAlias blogovet.ru

But my script in this domain can see all server files /* not only in his directory /var/www/html/blogovet.ru

How to forbid viewing files except DocumentRoot ?

A: 

A script will be able to read all files that the user running the script can read. So you should make sure your web server does not run as root (it needs to be started as root to listen on port 80, but should swich user to e.g. "www" itself), and then make sure that that user can't read any sensible files.

You could also use SElinux for an extra layer of security.

Rasmus Kaj  2009-11-08 12:08:05
Thanks for answer. I've tried to run apache as other user (login by ssh and run). But I sow error message "access denied"!!
SPnova  2009-11-10 12:38:40
You need to start apache as root, but you should configure it to swich to another user after listening to port 80. See the User and Group apache configuration directives.
Rasmus Kaj  2009-11-10 14:09:04
A: 

I found this solution for PHP (If disable cgi and ssi, looks good)

<VirtualHost *:80>
    ServerAdmin root@localhost
    DocumentRoot /var/www/html/site.com
    ServerName www.site.com
    ServerAlias site.com
    ErrorLog /var/www/html/site.com/error-log
#    TransferLog /var/www/html/site.com/transfer-log
#    CustomLog /var/www/html/site.com/access-log common
    <IfModule mod_php5.c>
        php_admin_value upload_tmp_dir "/tmp"
        php_admin_value include_path ".:/usr/share/pear:/usr/share/php:/var/www/html/site.com"
        php_admin_value open_basedir "/var/www/html/site.com"
        php_admin_value doc_root "/var/www/html/site.com"
    </IfModule>
    <Directory "/var/www/html/site.com">
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
SPnova  2009-11-09 08:46:45
Here, a php script _can_ still access any readable files in the file system, but the specific script php_admin will attempt to only access certain files.
Rasmus Kaj  2009-11-10 14:11:10

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP