[CLUE-Tech] Re: Cracking websites
Jed S. Baer
thag at frii.com
Sun Feb 22 17:35:07 MST 2004
On 22 Feb 2004 14:22:11 -0700
jim feldman <jmf at jim-liesl.org> wrote:
> It's not like the Apache folks haven't thought about this either. Check
> out the suEXEC wrapper and the User directive for <VirtualHost>.
The Apache dox say the the User directive is no longer supported under
<VirtualHost>.
> "chrooted" apache is doable but very ugly from a maintenance
> perspective. You could look at User-mode-linux, but thats overkill for
> what you need. Check out the following link:
> http://www.onlamp.com/pub/a/bsd/2003/09/04/jails.html
> FreeBSD just did a better job addressing this need. The only downside
> is that each "jail" needs it's own unique ipaddr.
I'm not trying to configure a webserver here. I'm trying to make sure I
understand the risks associated with using company X's shared hosting
services -- i.e. _not_ a virtual server, and what to look for/ask when
evaluating such a service.
Re. what's possible using name-based virtual domain name directives, it
appears from my admittedly brief reading so far, that those come into play
for requests coming in with a "mydomain.tld" HOST header. But let's not
repeat my reply to Angelo.
jed
--
http://s88369986.onlinehome.us/freedomsight/
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-tech
mailing list