Jump to content

HTTP Root filesystem not secure


bky1701

Recommended Posts

Hi, I have a problem (I'm using the newest PHP and Apache), I have a few “sub sites” that other people run on my self-hosted server, but a few weeks ago I found a major security risk: any sub-site (HTTPROOT/sub/[site name]) can use PHP to edit/delete/view any other sub-site or any of the main site (HTTPROOT/ICU and HTTPROOT/FOM are the important ones).

I want to be able to set permissions somewhere to only allow scripts in certain folders to go backwards (ie, I want to let the sub-sites go back from HTTPROOT/sub/[site name]/forum to HTTPROOT/sub/[site name], but not allow them to go any further then their sub-site's root).

I know it can be done with a virtual host... but that is not really what I want, I know there must be a better way.

How can I fix this?
Link to comment
Share on other sites

  • 3 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.