Sikkerhed i mass virtual hosting

• Next message: Kristen Nielsen: "Re: MP3-encoder"
• Previous message: Morten Nissen: "Re: Krask møde - where to eat.."
• Next in thread: Kim Nielsen: "Re: Sikkerhed i mass virtual hosting"
• Reply: Kim Nielsen: "Re: Sikkerhed i mass virtual hosting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Date: Sun, 1 Dec 2002 16:20:41 +0100
From: Jakob Kruse <none@jkr--shopmaker.dk.lh.bsd-dk.dk>
To: bsd-dk@bsd-dk.dk
Subject: Sikkerhed i mass virtual hosting

Hej alle,

Er der nogle der har en ide til hvordan man i en rewrite regel kan undgå at
folk med hjælp af php kan forlade deres homedir ?
Har kigget på open_basedir, men et . lader ikke til at hjælpe mig :/

Hvis det ikke kan lade sig gøre med en rewrite regel, hvad er der så ellers
a muligheder ?

Sådan ser mit regelsæt ud

RewriteEngine On
RewriteMap lowercase int:tolower

RewriteCond %{REQUEST_URI} !^/icons/
RewriteCond %{REQUEST_URI} !^/cgi-bin/

RewriteCond /hosts/${lowercase:%{HTTP_HOST}} !-d
RewriteRule ^(.*)$ /hosts/index.html [L]

RewriteRule ^\.htaccess$ - [F]

RewriteRule ^/stats(.*)$ /hosts/${lowercase:%{SERVER_NAME}}/stats/$1 [L]
RewriteRule ^/(.*)$ /hosts/${lowercase:%{SERVER_NAME}}/public_html/$1

RewriteCond %{REQUEST_URI} ^/cgi-bin/
RewriteRule ^/(.*)$ /hosts/${lowercase:%{SERVER_NAME}}/cgi-bin/$1
[T=application/x-httpd-cgi]

Hilsen

Jakob

• Next message: Kristen Nielsen: "Re: MP3-encoder"
• Previous message: Morten Nissen: "Re: Krask møde - where to eat.."
• Next in thread: Kim Nielsen: "Re: Sikkerhed i mass virtual hosting"
• Reply: Kim Nielsen: "Re: Sikkerhed i mass virtual hosting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:25 CET