[nycbug-talk] apache: securing each virtural host
Marc Spitzer
mspitzer
Thu Feb 3 11:20:04 EST 2005
On Thu, 3 Feb 2005 10:03:08 -0500, Dan Casey <dcasey at bestweb.net> wrote:
>
> I have posted this question on alt.apache.configuration and several forums
> as well.. Nobody seems to have an answer as to how this is done. I have an
> account on a webserver that is using ensim cp. There server does what I am
> trying to achieve.
>
>
> I know how to chroot apache, that's no problem.
> What I would like to do is lock each virtualhost to be able to see its own
> files only. The system that I have the account on was able to achieve this
> using up about 20Mb per virtualhost.
>
>
> Example of why I am trying to achieve this.
> Say I have my web files in folders such as
> /usr/local/virtual/some-domain.com/www
>
> I would need to set the ServerRoot to /usr/local/virtual/
> The VirtualHost DocumentRoot's would be set to
> /usr/local/virtual/some-domain.com/www and so.
>
> A user executes a script in his browser. some-domain.com/cgi-bin/ls.cgi
> this script looks like so
> #!/usr/local/bin/perl
> print "Content-Type: text/html\n\n";
> print `ls -la /';
>
> the contents on there screen would be the output of
> ls -la /usr/local/virtual/
> thus listing all the domains available on the server.
>
> I need to set this up so that that same script would return the output of
> ls -la /usr/local/virtual/some-domain.com/
> which would appear something like this:
> /etc
> /dev
> /usr
> ...
I think you are confusing your terms, from what I see you do not want
a virtual host. What you want is a jail, on freebsd, or a xen virtual
machine, on netbsd 2. You do not want a virtual host, that would only
contain the web server stuff(docroot, cgi's, etc.).
Now if you do want virtual server, not virtual hosts, what OS are you
planning on doing this on?
marc
More information about the talk
mailing list