Topic: How to use open_basedir with fcgid (fastcgi)?
Sunburst



Joined: 09 Mar 2012
Posts: 20

Posted: Wed 18 Apr '12 22:08

Hi all

Before using fcgid (fastcgi) I had this open_basedir restriction in each site's vhost file (simplified):

Code:
<Directory /site123>
  ....
  php_admin_value open_basedir /site123
  ....
</Directory>


But when using fcgid I could not use php_admin_value anymore ... and I just found out that a script in one site can actually.............. !!!! .......... can create files and folders on another site. BIG security problem.

Please help. I tried everything to restrict each site to its own webfolder. I tried googling the topic, but nothing worked.

One of my many vhost files looks like:

Code:
<VirtualHost *:80>
    DocumentRoot C:/Storage/Web/site123
    ServerName www.xxxxxxxxxx.com
    ErrorLog C:/Storage/Web/site123/errorsapache.txt
    ErrorDocument 404 /index.php

    <Directory C:/Storage/Web/site123>
      Options ExecCGI
      AllowOverride All
      Require all granted
      <IfModule dir_module>
         DirectoryIndex index.php index.html index.htm
      </IfModule>
    </Directory>   
</VirtualHost>


What to do?

In my vhost file I have:

Code:
<Directory C:/>
   Require all denied
   Options None
   AllowOverride None
</Directory>

<Directory C:/Storage/Web>
   Require all denied
   Options None
   AllowOverride None
</Directory>


In php.ini I have:

Code:
open_basedir = "C:\Storage\Web\"


My fastcgi settings are:

Code:
LoadModule fcgid_module modules/mod_fcgid.so
<IfModule mod_fcgid.c> 
   FcgidInitialEnv PHPRC "C:/Storage/Webserver/Apache1/PHP/php-5.3.10-nts-Win32-VC9-x86"
   FcgidInitialEnv PATH "C:/Storage/Webserver/Apache1/PHP/php-5.3.10-nts-Win32-VC9-x86;C:/WINDOWS/system32;C:/WINDOWS;C:/WINDOWS/System32/Wbem;"
   FcgidInitialEnv SystemRoot "C:/Windows"
   FcgidInitialEnv SystemDrive "C:"
   FcgidInitialEnv TEMP "C:/WINDOWS/Temp"
   FcgidInitialEnv TMP "C:/WINDOWS/Temp"
   FcgidInitialEnv windir "C:/WINDOWS"
   
   FcgidIOTimeout 64
   FcgidConnectTimeout 16
   FcgidMaxRequestsPerProcess 500   
      
   FcgidMaxRequestLen 524288000
      
   <Files ~ "\.php$">
      AddHandler fcgid-script .php
         
      FcgidWrapper "C:/Storage/Webserver/Apache1/PHP/php-5.3.10-nts-Win32-VC9-x86/php-cgi.exe" .php      
   </Files>

</IfModule>


This script actually creates a folder named "test" in ANOTHER site's folder:

Code:
<?php
$structure = "C:/Storage/Web/AnotherSiteFolder/test";

if (!mkdir($structure, 0, true)) {
    die('Failed to create folders...');
}
?>


Thank you very much for your help :)

UPDATE 1:
I even tried inserting this into a vhost file:
Code:
PHPINIDir "C:/Storage/Web/site123"


And having the local php.ini file have a specific open_basedir location.

It does give any error, but it is still the global php.ini file that is used.

UPDATE2:
I read somewhere that the solution is to write a php5-CGI wrapper which uses the local php.ini for each site instead of the global php.ini... BUT I do not know how to write this wrapper. Can anyone help?

UPDATE3:
I even tried inserting this in the site's htaccess file:

Code:
php_value open_basedir "C:/Storage/Web/site123"


But it just gave a 500 error with this description:

Quote:
Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration

Millennium

Joined: 17 Apr 2006
Posts: 179
Location: Leiderdorp, NL, EU

Posted: Thu 19 Apr '12 9:25

in global php.ini

[PATH=C:/Storage/Web/site123]
open_basedir = "C:/Storage/Web/site123/"

Works fine for me

Sunburst

Joined: 09 Mar 2012
Posts: 20

Posted: Thu 19 Apr '12 10:05

Hi Millennium

Thank you SO much :) It works :) I spent 6 hours of googling and your answer helped :)

Thank you very much :D Have a nice day :)

Sunburst

Joined: 09 Mar 2012
Posts: 20

Posted: Thu 19 Apr '12 11:19

It works on my test server (hosting one site), but implementing on my live server gives a "No input file specified" error for all sites.

I just did like this in the bottom of the global php.ini file (simplified):

Code:
[PATH=C:/Storage/Web/site1]
open_basedir = "C:/Storage/Web/site1/"

[PATH=C:/Storage/Web/site2]
open_basedir = "C:/Storage/Web/site2/"

[PATH=C:/Storage/Web/site3]
open_basedir = "C:/Storage/Web/site3/"

[PATH=C:/Storage/Web/site4]
open_basedir = "C:/Storage/Web/site4/"


I also saw in phpinfo() that local values were correct while the global value was not correct (default values).

Can you give another hint? :)

UPDATE1: Apache 2.2 gives "No input file specified" for all sites (even if only one PATH is defined), whereas Apache 2.4 works great for all sites. So I have to focus on Apache 2.2.

UPDATE2: No, it had nothing to do with Apache 2.2. I upgraded this server to Apache 2.4 and the error was still there. It has something to do with PHP 5.2 (needed for some very old sites) or my PHP.ini file for PHP 5.2. Any hints? :)

Millennium

Joined: 17 Apr 2006
Posts: 179
Location: Leiderdorp, NL, EU

Posted: Thu 19 Apr '12 14:19

It sure has. The [PATH=] feature is new in PHP 5.3

Sunburst

Joined: 09 Mar 2012
Posts: 20

Posted: Thu 19 Apr '12 14:37

Ok... then what to do? I cannot update this server, hosting old sites, to PHP 5.3. What about creating a fcgi wrapper that selects a specific PHP.ini as I mentioned above?

I put a PHP.ini in the root of a site but the PHP.ini file is not used (I think).
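
For the [PATH=] approach discussed in this thread (PHP 5.3 and later), a check that every site's DocumentRoot is covered by its own section and that the section's open_basedir stays inside that site's folder. This is an added example, not code from any poster; the function names and the sample php.ini are constructed, and it assumes Windows paths with `;` as the open_basedir separator.

```python
# Constructed sample modelled on the php.ini fragments in the thread.
SAMPLE_INI = """open_basedir = "C:/Storage/Web/"
[PATH=C:/Storage/Web/site1]
open_basedir = "C:/Storage/Web/site1/"
[PATH=C:/Storage/Web/site2]
open_basedir = "C:/Storage/Web/site2/;C:/Storage/Web/site1/"
[PATH=C:/Storage/Web/site3]
upload_tmp_dir = "C:/Storage/Web/site3/tmp"
"""
SAMPLE_ROOTS = ["C:/Storage/Web/site%d" % n for n in (1, 2, 3, 4)]

def norm(path):
    """Windows paths: compare case-insensitively, with forward slashes."""
    return path.strip().strip("\"'").replace("\\", "/").rstrip("/").lower()

def inside(path, base):
    return path == base or path.startswith(base + "/")

def path_sections(ini_text):
    """Map each [PATH=dir] section to its open_basedir value (None if unset)."""
    sections, current = {}, None
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("["):
            name = line.strip("[]")
            current = norm(name[5:]) if name.upper().startswith("PATH=") else None
            if current is not None:
                sections.setdefault(current, None)
        elif current is not None and not line.startswith(";") and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "open_basedir":
                sections[current] = value
    return sections

def audit(ini_text, doc_roots):
    """Return {DocumentRoot: finding}; assumes the deepest matching section wins."""
    sections, report = path_sections(ini_text), {}
    for root in doc_roots:
        r = norm(root)
        covering = [s for s in sections if inside(r, s)]
        value = sections[max(covering, key=len)] if covering else None
        if not covering:
            report[root] = "no [PATH=] section, global open_basedir applies"
        elif value is None:
            report[root] = "section sets no open_basedir"
        else:
            stray = [e for e in map(norm, value.split(";")) if e and not inside(e, r)]
            report[root] = "escapes site: " + ", ".join(stray) if stray else "ok"
    return report

print(audit(SAMPLE_INI, SAMPLE_ROOTS))
```

Any finding other than "ok" means a script in that site can still reach files outside its own folder, as the mkdir test in the first post did.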