Ive been hunting for a solution to this problem for quite some time now to no avail so im posting in the hope that someone else has run into this situation in the past.
*Background*
I am running apache 1.3.26 with php 4.1.2 loaded as a module (oldish I know). It is configured for mass hosting and as such all vhosts are run under the same username. Without using a separate users there was no way I could secure each vhost so they cannot include other hosted files no under their home directory. Setting a basedir restriction of '.' was the obvious solution and it works nicely except for one really annoying issue: if i have a script in say test.masshosting.com/directory/script.php and I want to include test.masshosting.com/morescript.php i can't, as the basedir restriction comes into effect, even though test.masshosting.com is in fact within the restraints of what I should be able to access.
The mass vhost config is as below - logically it makes sense as to why it occurs but how can we get around this while still remaining secure, using one user and keeping the flexible mass hosting structure?
<Directory /web/clans>
php_admin_flag safe_mode off
php_admin_value open_basedir "."
php_admin_value user_dir "htdocs"
</Directory>
<VirtualHost 123.456.678.987> UseCanonicalName Off
LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
CustomLog /var/log/httpd/access_log.clans vcommonRewriteEngine On
# a ServerName derived from a Host: header may be any case at all RewriteMap lowercase int:tolower
## deal with normal documents first:
# allow Alias /icons/ to work - repeat for other aliases
RewriteCond %{REQUEST_URI} !^/icons/
# do the magic
RewriteRule ^/(.*)$ /web/clans/${lowercase:%{SERVER_NAME}}/$1
</VirtualHost>Any help will be much appreciated.
Thanks in advance,
-- Byron "Conscience" Scaf Content Manager - Ozforces Pty. Ltd. Email: [EMAIL PROTECTED]
