Forum Moderators: coopster
Dear Ev1 members
I use Plesk and I use Apache, CGI, MySQL and PHP
I was able to use mod-security, to use a Chroot directory, everything works ok, exept that in some sites I need to include CGI scripts
so the call will be like this:
@include("http://www.mysite.com/cgi-bin/coranto/shownews.cgi?id=DLSMSMEMLLFSOWLSF");
Whenever I run Apache with mod-security but WITHOUT the CHROOT option, everything works ok
When I run the Chroot option, everything works ok, exept that in PHP, I cannot fopen, include... external URLs
Seems like PHP isn't able to do reverse DNS or something similar
I went to the mod-security site, and read EVERYTHING, the first 3 chapters of the Apache Security book.
I've followed all the instructions, and I created a /chroot directory, with all the libraries copied into /chroot/lib
The libraries that are needed by /sbin/httpd and libphp4.so, I copied them all
I even copied the /chroot/etc/resolv.conf file, and the libraries needed by the /bin/host programs, along with the program itself
So right now I'm able to do this:
chroot /chroot /bin/host www.google.com
and it outputs:
www.google.com is an alias for xx.xx.xx.xx.
I restart apache, but still, I can't include the CGI script form my PHP script
I am trying to load a CGI script from www.mysite.com in a script located at the same site: www.mysite.com
I can't include it like this:
include("/var/www/site.com/cgi-bin/coranto/shownews.cgi?id=DLSMSMEMLLFSOWLSF");
because the cgi script won't run
Any suggestions will be highly appreciated
Regards
Xavier
There was a bug # 27509 [bugs.php.net] in 4.3.4 that was fixed, according to the v4 changelog. Also, have you read the User Contributed notes on fopen() [php.net]? There is a possible issue there for you to review.
