From owner-freebsd-isp  Sat Aug 25  2:57:55 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mail5.speakeasy.net (mail5.speakeasy.net [216.254.0.205])
	by hub.freebsd.org (Postfix) with ESMTP id 6180337B405
	for <freebsd-isp@FreeBSD.ORG>; Sat, 25 Aug 2001 02:57:50 -0700 (PDT)
	(envelope-from drakFB@drak.com)
Received: (qmail 51689 invoked from network); 25 Aug 2001 09:57:50 -0000
Received: from unknown (HELO ?192.168.1.5?) ([64.81.163.89]) (envelope-sender <drakFB@drak.com>)
          by mail5.speakeasy.net (qmail-ldap-1.03) with SMTP
          for <haribeau@gmx.de>; 25 Aug 2001 09:57:50 -0000
Mime-Version: 1.0
X-Sender:  (Unverified)
Message-Id: <a05100300b7ad241a8c23@[192.168.1.5]>
In-Reply-To: <20010825113754.A1025@homer.local>
References: <20010825113754.A1025@homer.local>
Date: Sat, 25 Aug 2001 02:57:48 -0700
To: Clemens Hermann <haribeau@gmx.de>
From: Andrew Matheson <drakFB@drak.com>
Subject: Re: apache jail
Cc: freebsd-isp@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

>how can I send each apach virtual-host into somthing like a jail? I have
>several vhosts sharing one IP so the apache could not be run inside the
>jails, right?
>Furthermore I would like to keep things as much as possible as they are,
>the only goal is to avoid, that php-scripts and thelike can access the
>system (e.g access the /etc/passwd to read it etc.).
>
>is there any information available how to do this?


I've never tried this before and have no idea if it will work, but you may be able to do the following:

1)  Set up each apache virtual host in its own jail using internal network ip addresses.  You'd need to have one apache per jail, which I think is what you're trying to accomplish.

2)  Set up apache running on your main ip address.  Configure VirtualHost directives for each of your domains so that apache acts as a proxy server, forwarding the requests to the appropriate jail ip addresses.

Good Luck,
Andrew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message