JAIL CHROOT analog in windows apache?

Off-topic chat. Post your favorite mod_rewrite jokes here!

JAIL CHROOT analog in windows apache?

Postby eugene2006 » Mon Sep 11, 2006 11:25 am

VDS, WINDOWS2003, XAMPP, PHP5,MYSQL,FULL ACCESS
I can still get access to other users folders
By this hacking tool http://bbpress.automattic.com/attachmen ... emview.php

Tried to jail each user in his own folder by VirtualDocumentRoot, thought it might help but alas but no can do yet, DocumentRoot does not unserstand % masks

VirtualDocumentRoot "C:/aweb/freehosting/users/%1" with varaiable works just fine but not php_admin_value switch
php_admin_value open_basedir "C:/aweb/freehosting/users/%1" – this stuff does not work…. Is there any other way to solve my problem?

Php error says
Warning: Unknown: open_basedir restriction in effect. File(C:/aweb/freehosting/users/zxc/zzz.php) is not within the allowed path(s): (C:/aweb/freehosting/users/%1) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Warning: Unknown: open_basedir restriction in effect. File(C:/aweb/freehosting/users/zxc/zzz.php) is not within the allowed path(s): (C:/aweb/freehosting/users/%1) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Warning: Unknown: Failed opening 'C:/aweb/freehosting/users/zxc/zzz.php' for inclusion (include_path='.;C:\server\xampp\php\pear\') in Unknown on line 0




Httpd-vhosts.conf
###################################################
<Directory "C:/aweb/freehosting">
Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride all
Order allow,deny
Allow from all
</Directory>

<VirtualHost *:80>
ServerName pcsny.org
ServerAlias www.pcsny.org
DocumentRoot "C:/aweb/freehosting"

php_admin_value open_basedir "/"
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^/users/([^/]+)(/(.*))?$ http://$1.pcsny.org/$3 [R=301,L]
RewriteCond %{HTTP_HOST} ^pcsny\.org
RewriteCond %{REQUEST_URI} ^(.*)
RewriteRule (.*) http://www.pcsny.org/%1 [R=301,L]
</VirtualHost>

<VirtualHost *:80>
ServerName pcsny.org
ServerAlias *.pcsny.org
VirtualDocumentRoot "C:/aweb/freehosting/users/%1"

php_admin_value open_basedir "C:/aweb/freehosting/users/%1"
</VirtualHost>

####################################################


if I do DocumentRoot

<VirtualHost *:80>
ServerName pcsny.org
ServerAlias *.pcsny.org
#VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
DocumentRoot "C:/aweb/freehosting/users/%1"
#php_admin_value open_basedir "C:/aweb/freehosting/users/"
php_admin_value open_basedir on
</VirtualHost>



server says on subdomain zxc.pcsny.org

Object not found!

The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.

If you think this is a server error, please contact the webmaster.
Error 404
zxc.pcsny.org
09/11/06 20:45:55
Apache/2.2.2 (Win32) DAV/2 mod_ssl/2.2.2 OpenSSL/0.9.8b mod_autoindex_color PHP/5.1.4



VirtualDocumentRoot "C:/aweb/freehosting/users/%1"
#DocumentRoot "C:/aweb/freehosting/users/%1"
#here I manually set to users folder where every user is being stored
#it more secure but not yet full enough to me, I want to jail them in their #folders

php_admin_value open_basedir "C:/aweb/freehosting/users/"

after that if Hacking tool Remview.php goes upper than "C:/aweb/freehosting/users/"
says

Can't open directory C:/aweb/freehosting/
Reason:
Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(C:/aweb/freehosting/) is not within the allowed path(s): (C:/aweb/freehosting/users/) in C:\aweb\freehosting\users\zxc\remview.php on line 425




How to jail them in their folders?
How to allow people to use more .htaccess but still it would be secure for my server and other people?

I want to allow them to mod_rewrite and other useful stuff
eugene2006
 
Posts: 21
Joined: Sat Sep 09, 2006 4:16 am

Return to Almost Anything Goes

Who is online

Users browsing this forum: No registered users and 1 guest

cron