From owner-freebsd-isp  Thu Jan 27 11:31:52 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3])
	by hub.freebsd.org (Postfix) with SMTP id C482115599
	for <freebsd-isp@freebsd.org>; Thu, 27 Jan 2000 11:31:45 -0800 (PST)
	(envelope-from paulo@nlink.com.br)
Received: (qmail 8602 invoked by uid 501); 27 Jan 2000 19:31:28 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 27 Jan 2000 19:31:28 -0000
Date: Thu, 27 Jan 2000 17:31:28 -0200 (EDT)
From: Paulo Fragoso <paulo@nlink.com.br>
To: freebsd-isp@freebsd.org
Subject: PHP security
Message-ID: <Pine.BSF.4.10.10001271730230.97640-100000@mirage.nlink.com.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I would like to limit access to php scripts, I'm trying to set into
httpd.conf:

php3_safe_mode on
php3_doc_root /some_dir/data/htdocs/php

but it don't work.

When I access a simple php3 script in /some_dir/data/htdocs my web server
run that script fine.

Is possible using "php3_safe" and "php3_doc_root" restrict php3 scripts
under /some_dir/data/htdocs/php? Or is there other way to make this?

I'm using: Apache/1.3.11 (Unix) mod_ssl/2.5.0 OpenSSL/0.9.4 PHP/3.0.14
with FreeBSD 3.4.

Thanks,
Paulo.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message