PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

RandomBugs.com: Apache Dynamic Virtual Hosting and PHP security

Note: This article was originally published at PHPDeveloper on 18 April 9371.
PHPDeveloper

On the RandomBugs blog today there's a new post looking at some of the considerations made when setting up Apache and PHP for dynamic virtual hosting.

It's been a while since I configured the latest Dynamic Mass Virtual Hosting Server. Last time I used mod_vhost_alias to create a dynamic virtual hosting and it worked without any problem for what we need in that time. [...] Now, the problem is a little bit changed: We need a secure sever which should support ftp virtual users with quota and we don't have permission to change the packages, apply patches or recompile sources, because we need to be able to upgrade without to much stress.

Their biggest problem was dealing with the virtual users and handling the security for them to work with the files and hosts set up for them and only them. They tried both suPHP and a combination of mod_vhost_alias/php safe_mode/openbasedir but neither fit their needs. In the end it was mod_macro that did the trick with one caveat - you had to be more careful when adding the host to use the correct syntax in the configuration. It's split between multiple files and settings have to match across them.