Jump to content

Archived

This topic is now archived and is closed to further replies.

eugene2006

JAIL CHROOT analog in windows apache?

Recommended Posts


VDS, WINDOWS2003, XAMPP, PHP5,MYSQL,FULL ACCESS
I can still get access to other users folders
By this hacking tool http://bbpress.automattic.com/attachment/ticket/34/remview.php

Tried to jail each user in his own folder  by VirtualDocumentRoot, thought it might help but alas but no can do yet, DocumentRoot does not unserstand % masks

VirtualDocumentRoot "C:/aweb/freehosting/users/%1" with varaiable works just fine but not php_admin_value switch
php_admin_value open_basedir "C:/aweb/freehosting/users/%1" – this stuff does not work…. Is there any other way to solve my problem?

Php error says
Warning: Unknown: open_basedir restriction in effect. File(C:/aweb/freehosting/users/zxc/zzz.php) is not within the allowed path(s): (C:/aweb/freehosting/users/%1) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Warning: Unknown: open_basedir restriction in effect. File(C:/aweb/freehosting/users/zxc/zzz.php) is not within the allowed path(s): (C:/aweb/freehosting/users/%1) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Warning: Unknown: Failed opening 'C:/aweb/freehosting/users/zxc/zzz.php' for inclusion (include_path='.;C:\server\xampp\php\pear\') in Unknown on line 0




Httpd-vhosts.conf
###################################################
<Directory "C:/aweb/freehosting">
  Options Indexes Includes FollowSymLinks ExecCGI
  AllowOverride all
  Order allow,deny
  Allow from all
</Directory>

<VirtualHost *:80>
  ServerName pcsny.org
  ServerAlias www.pcsny.org
  DocumentRoot "C:/aweb/freehosting"

  php_admin_value open_basedir "/"
  Options +FollowSymLinks
  RewriteEngine On
  RewriteRule ^/users/([^/]+)(/(.*))?$ http://$1.pcsny.org/$3 [R=301,L]
RewriteCond %{HTTP_HOST} ^pcsny\.org
RewriteCond %{REQUEST_URI} ^(.*)
RewriteRule (.*) http://www.pcsny.org/%1 [R=301,L]
</VirtualHost>

<VirtualHost *:80>
ServerName pcsny.org
ServerAlias *.pcsny.org
VirtualDocumentRoot "C:/aweb/freehosting/users/%1"

php_admin_value open_basedir "C:/aweb/freehosting/users/%1"
</VirtualHost>

####################################################


if I do DocumentRoot

<VirtualHost *:80>
ServerName pcsny.org
ServerAlias *.pcsny.org
#VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
DocumentRoot "C:/aweb/freehosting/users/%1"
#php_admin_value open_basedir "C:/aweb/freehosting/users/"
php_admin_value open_basedir on
</VirtualHost>



server says on subdomain zxc.pcsny.org

Object not found!

The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.

If you think this is a server error, please contact the webmaster.
Error 404
zxc.pcsny.org
09/11/06 20:45:55
Apache/2.2.2 (Win32) DAV/2 mod_ssl/2.2.2 OpenSSL/0.9.8b mod_autoindex_color PHP/5.1.4



VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
#DocumentRoot "C:/aweb/freehosting/users/%1"
#here I manually set to users folder where every user is being stored
#it more secure but not yet full enough to me, I want to jail them in their #folders

php_admin_value open_basedir "C:/aweb/freehosting/users/"

after that if Hacking tool Remview.php goes upper than  "C:/aweb/freehosting/users/"
says

Can't open directory C:/aweb/freehosting/
Reason:
Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(C:/aweb/freehosting/) is not within the allowed path(s): (C:/aweb/freehosting/users/) in C:\aweb\freehosting\users\zxc\remview.php on line 425




How to jail them in their folders?
How to allow people to use more .htaccess but still it would be secure for my server and other people?

I want to allow them to mod_rewrite and other useful stuff

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.