Jump to content

JAIL CHROOT analog in windows apache?


eugene2006

Recommended Posts


VDS, WINDOWS2003, XAMPP, PHP5,MYSQL,FULL ACCESS
I can still get access to other users folders
By this hacking tool http://bbpress.automattic.com/attachment/ticket/34/remview.php

Tried to jail each user in his own folder  by VirtualDocumentRoot, thought it might help but alas but no can do yet, DocumentRoot does not unserstand % masks

VirtualDocumentRoot "C:/aweb/freehosting/users/%1" with varaiable works just fine but not php_admin_value switch
php_admin_value open_basedir "C:/aweb/freehosting/users/%1" – this stuff does not work…. Is there any other way to solve my problem?

Php error says
Warning: Unknown: open_basedir restriction in effect. File(C:/aweb/freehosting/users/zxc/zzz.php) is not within the allowed path(s): (C:/aweb/freehosting/users/%1) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Warning: Unknown: open_basedir restriction in effect. File(C:/aweb/freehosting/users/zxc/zzz.php) is not within the allowed path(s): (C:/aweb/freehosting/users/%1) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Warning: Unknown: Failed opening 'C:/aweb/freehosting/users/zxc/zzz.php' for inclusion (include_path='.;C:\server\xampp\php\pear\') in Unknown on line 0




Httpd-vhosts.conf
###################################################
<Directory "C:/aweb/freehosting">
  Options Indexes Includes FollowSymLinks ExecCGI
  AllowOverride all
  Order allow,deny
  Allow from all
</Directory>

<VirtualHost *:80>
  ServerName pcsny.org
  ServerAlias www.pcsny.org
  DocumentRoot "C:/aweb/freehosting"

  php_admin_value open_basedir "/"
  Options +FollowSymLinks
  RewriteEngine On
  RewriteRule ^/users/([^/]+)(/(.*))?$ http://$1.pcsny.org/$3 [R=301,L]
RewriteCond %{HTTP_HOST} ^pcsny\.org
RewriteCond %{REQUEST_URI} ^(.*)
RewriteRule (.*) http://www.pcsny.org/%1 [R=301,L]
</VirtualHost>

<VirtualHost *:80>
ServerName pcsny.org
ServerAlias *.pcsny.org
VirtualDocumentRoot "C:/aweb/freehosting/users/%1"

php_admin_value open_basedir "C:/aweb/freehosting/users/%1"
</VirtualHost>

####################################################


if I do DocumentRoot

<VirtualHost *:80>
ServerName pcsny.org
ServerAlias *.pcsny.org
#VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
DocumentRoot "C:/aweb/freehosting/users/%1"
#php_admin_value open_basedir "C:/aweb/freehosting/users/"
php_admin_value open_basedir on
</VirtualHost>



server says on subdomain zxc.pcsny.org

Object not found!

The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.

If you think this is a server error, please contact the webmaster.
Error 404
zxc.pcsny.org
09/11/06 20:45:55
Apache/2.2.2 (Win32) DAV/2 mod_ssl/2.2.2 OpenSSL/0.9.8b mod_autoindex_color PHP/5.1.4



VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
#DocumentRoot "C:/aweb/freehosting/users/%1"
#here I manually set to users folder where every user is being stored
#it more secure but not yet full enough to me, I want to jail them in their #folders

php_admin_value open_basedir "C:/aweb/freehosting/users/"

after that if Hacking tool Remview.php goes upper than  "C:/aweb/freehosting/users/"
says

Can't open directory C:/aweb/freehosting/
Reason:
Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(C:/aweb/freehosting/) is not within the allowed path(s): (C:/aweb/freehosting/users/) in C:\aweb\freehosting\users\zxc\remview.php on line 425




How to jail them in their folders?
How to allow people to use more .htaccess but still it would be secure for my server and other people?

I want to allow them to mod_rewrite and other useful stuff
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.