[wp-hackers] Re: [OT] Resources for Defending Against Blog Attacks
ag.ml2007 at zirona.com
Sat Aug 11 20:16:30 GMT 2007
On Fri, 2007-08-10 at 10:49 -0400, Christian Höltje wrote:
> The setting for the apache.conf file for open_basedir is:
> php_value open_basedir '/path/to/your/webbase/'
> Don't forget the trailing '/' as the string is just a prefix check.
Good point, I forgot to mention that. It is to say however that since
PHP 5.2.2, I have problems with open_basedir when operating on
DocumentRoot level with the trailing slash. For example
is_writable('/var/www/www.example.com/htdocs/') with the below
configuration would produce an error -- even if it is writable.
Therefore I had to remove the trailing slash in the open_basedir value
for some of my hosts.
> How do you set the local tmp directory?
I have one config file per vHost. A simple VirtualHost section in this
file could look like this:
ServerAdmin webmaster at example.com
Setenv VLOG /var/www/www.example.com/htdocs/log/
php_admin_value open_basedir "/var/www/www.example.com/htdocs/"
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir "/var/www/www.example.com/htdocs/phptmp/"
php_admin_value session.save_path "/var/www/www.example.com/htdocs/phptmp/"
Alex Günsche, Zirona OpenSource-Consulting
Blogs: http://www.zirona.com/ | http://www.regularimpressions.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc
More information about the wp-hackers