suphp how disable ls /

Posted by Pol Hallen on Server Fault See other posts from Server Fault or by Pol Hallen
Published on 2013-06-30T19:26:50Z Indexed on 2013/06/30 22:22 UTC
Read the original article Hit count: 332

Filed under:
|

Using suphp, I set a php.ini to every virtual host. In php.ini I also setted:

open_basedir = /home/site1

php script runs, but if I ve a script with ls / I can see whole root directory.

How can disable this hole security?

<VirtualHost *:80>
ServerName site1
ServerAlias www.site1.com

DirectoryIndex index.html index.htm
DocumentRoot /home/site1/

suPHP_Engine on
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php

# THIS READ php.ini
suPHP_ConfigPath /home/site1/

<Directory /home/site1/>

Options -Includes -Indexes -FollowSymLinks -ExecCGI -MultiViews
AllowOverride none
Order allow,deny
Allow from all
 </Directory>
</VirtualHost>

© Server Fault or respective owner

Related posts about apache2

Related posts about php