[nycbug-talk] apache: securing each virtural host
dcasey at bestweb.net
Thu Feb 3 14:41:48 EST 2005
Well, VirtualHost reffering to the apache config.
I want a jail-like setup. But not for apache as a whole.
Apache will have several websites (NameBased VirtualHosts).
Each User (1 perl website) will be able to there files only, in what will
appear to them as a server or filesystem.
Now if it where just one site, a regular jail would be fine. But I want to
keep each site seperate.
I don't seem to understand how to achieve this with running a seperate jail
for each site.
Each jail would then need to run its own httpd.conf, and start its own httpd
By default apache opens 5 servers.
say 50 websites / 50 jails * 5 servers = .... not an ideal situation :)
I cannot imagine that this is the only way to achieve this affect.
----- Original Message -----
From: "Marc Spitzer" <mspitzer at gmail.com>
To: "nycbug" <talk at lists.nycbug.org>
Sent: Thursday, February 03, 2005 8:20 AM
Subject: Re: [nycbug-talk] apache: securing each virtural host
> On Thu, 3 Feb 2005 10:03:08 -0500, Dan Casey <dcasey at bestweb.net> wrote:
> > I have posted this question on alt.apache.configuration and several
> > as well.. Nobody seems to have an answer as to how this is done. I have
> > account on a webserver that is using ensim cp. There server does what I
> > trying to achieve.
> > I know how to chroot apache, that's no problem.
> > What I would like to do is lock each virtualhost to be able to see its
> > files only. The system that I have the account on was able to achieve
> > using up about 20Mb per virtualhost.
> > Example of why I am trying to achieve this.
> > Say I have my web files in folders such as
> > /usr/local/virtual/some-domain.com/www
> > I would need to set the ServerRoot to /usr/local/virtual/
> > The VirtualHost DocumentRoot's would be set to
> > /usr/local/virtual/some-domain.com/www and so.
> > A user executes a script in his browser. some-domain.com/cgi-bin/ls.cgi
> > this script looks like so
> > #!/usr/local/bin/perl
> > print "Content-Type: text/html\n\n";
> > print `ls -la /';
> > the contents on there screen would be the output of
> > ls -la /usr/local/virtual/
> > thus listing all the domains available on the server.
> > I need to set this up so that that same script would return the output
> > ls -la /usr/local/virtual/some-domain.com/
> > which would appear something like this:
> > /etc
> > /dev
> > /usr
> > ...
> I think you are confusing your terms, from what I see you do not want
> a virtual host. What you want is a jail, on freebsd, or a xen virtual
> machine, on netbsd 2. You do not want a virtual host, that would only
> contain the web server stuff(docroot, cgi's, etc.).
> Now if you do want virtual server, not virtual hosts, what OS are you
> planning on doing this on?
> % NYC*BUG talk mailing list
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.4 - Release Date: 2/1/2005
More information about the talk