Turn Off Open_basedir
Mar 31, 2008How can I turn off open_basedir completely from within .htaccess?
I'm finding conflicting advice on how this can be done, or even if it can.
How can I turn off open_basedir completely from within .htaccess?
I'm finding conflicting advice on how this can be done, or even if it can.
I have dedicated server and my panel is lxadmin.
Anybody know how can i make off on php.ini the open_basedir ?
I have to install one script on my server this open_basedir have to be disable.
I've just upgraded my apache install to Apache 2.0.59 and PHP 4.4.6 and suddenly open_basedir has stopped working. I have an open_basedir setting in each vhost configuration that used to work fine on php 4.3.9, now upgraded it thinks there is no path specified and I'm getting the usual failures where my scripts are not allowed to write to a directory.
Has anyone else seen this or knows what's happening? I'm on 64-bit Centos 4.4
I got a VPS with CentOs installed and it is using LxAdmin and i got this problem:
I installed Squirrelmail but it isn't working because open_basedir is enabled.
I do not want to disable open_basedir,
Assuming that an account on my server is hacked into, is open_basedir enough to protect other users on the same server? I would assume so, since php would not have access to those other accounts? Why is suphp needed?
Ofcourse, I also disabled dynamic loading of modules (apache) and added some disable_functions list.
when I make open_basedir effect in whm > security center
I have in my script this problem :
Warning: tempnam() [function.tempnam]: open_basedir restriction in effect. File() is not within the allowed path(s): (/home/xxxx/:/usr/lib/php:/usr/local/lib/php:/tmp) in /admincp/misc.php on line 685Warning: fwrite(): supplied argument is not a valid stream resource in /admincp/misc.php on line 688Warning: fclose(): supplied argument is not a valid stream resource in /admincp/misc.php on line 689
when I disable it I have this other one problem :
Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 32010 is not allowed to access /tmp/vbthumbLTfVOk owned by uid ..
to append the directory that the accounting.php.inc file is located in to the open_basedir line.
How do i do it, where n how do i make these changes.
I can't correct configure the open_basedir. Safe_mode on server is enabled. Now path to accounts is: /var/www/webx/ . I would like change this path to /webx/ On server are some accounts. How can I do it?
What I did:
-> I set path in php.ini file (/etc/php4/apache2) in open_basedir = line to:
/webx/ and /var/www/webx/ too. Without effect.
-> I added
<Directory /webx/>
php_admin_value open_basedir /webx/
</Directory>
in /etc/apache2/apach2.conf and /etc/apache2/confixx_mhost.conf
Without effect.
After any change I was restarting the apache service through /etc/init.d/apache2 restart, of course.
About the 29th of last month my crons quit working properly, they are still ran but they did nothing.. I finally found out that its giving me an open_basedir error...
I am trying to run the crons from /home/<user>/crons/...
The first few lines of the PHP Code includes some required files that are used by the rest of the site...
PHP Code:
$root_path = "/home/<user>/public_html/";
include($root_path . "includes/common.php");
However, when the cron is ran I get the following email...
Quote:
X-Powered-By: PHP/5.2.1
Content-type: text/html
Warning: include() [function.include]: open_basedir restriction in effect. File(/home/<user>/public_html/includes/common.php) is not within the allowed path(s): (0) in /home/<user>/public_html/live.php on line 7
Warning: include(/home/<user>/public_html/includes/common.php) [function.include]: failed to open stream: Operation not permitted in /home/<user>/public_html/live.php on line 7
Warning: include() [function.include]: Failed opening '/home/<user>/public_html/includes/common.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/<user>/public_html/live.php on line 7
test
Notice: Undefined variable: db in /home/<user>/public_html/live.php on line 11
Fatal error: Call to a member function query() on a non-object in /home/<user>/public_html/live.php on line 11
WHM 11.11.0 cPanel 11.15.0-R17665
CENTOS Enterprise 4.5 i686 on standard - WHM X v3.1.0
Apache version1.3.39 (Unix)
PHP version5.2.1
MySQL version4.1.22-standard
(Paths have the correct username, I replaced the usernames with <user>...)
I want to include script wpisz.php from /srv/www/vhosts/default/htdocs into /srv/www/vhosts/domena.pl/httpdocs/, but i recive this error:
Code:
Warning: main() [function.main]: open_basedir restriction in effect. File(/srv/www/vhosts/domena.pl/httpdocs/wpisz.php) is not within the allowed path(s): (/srv/www/vhosts/default/htdocs:/tmp) in /srv/www/vhosts/default/htdocs/index.php on line 3
Warning: main(/srv/www/vhosts/domena.pl/httpdocs/wpisz.php) [function.main]: failed to open stream: Operation not permitted in /srv/www/vhosts/default/htdocs/index.php on line 3
Warning: main() [function.include]: Failed opening '/srv/www/vhosts/domena.pl/httpdocs/wpisz.php' for inclusion (include_path='.:/usr/share/php') in /srv/www/vhosts/default/htdocs/index.php on line 3
So, I ask you to help me to set it up (propably open_basedir) in that way in which will it work fine. But please.. use a simple language and describe the solution step-by-step because I'm not doing well whith this..
I'm running a apache2 webserver with php5 and vhost_alias.
I like to use open_basedir virtual:
VirtualDocumentRoot /www/%0
php_admin_value open_basedir "/www/%0:/usr/share/php:/tmp"
How to disable open_basedir in plesk enabled server. I want to disable it server wide.
View 7 Replies View RelatedI am going to run a free host, yes I know I should post this in FWHT but well, they dont answer very fast if at all.
It is very dangerous to have Safe Mode OFF on a free host, but someone was telling me about open_basedir, which makes it so they cant touch any files set outside of open_basedir. Would this be suffiecient to keep them from touching others files? I know I need to disable other functions like exec() and stuff but would open_basedir keep hackers away from others files and hacking them...
I am trying to do open_basedir in my httpd.conf file using wildcards so I dont have to set it up for EACH account.
Here is my Virtual Host part in my conf:
<VirtualHost *>
VirtualDocumentRoot /www/%2+/%1.1/%1.2/%1.3/%1/htdocs/
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www..*$
RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
RewriteRule ^www.(.+) http://$1 [P]
RequestHeader unset Accept-Encoding
RequestHeader unset Content-Encoding
</VirtualHost>
I have tried putting:
php_admin_value open_basedir /www/%2+/%1.1/%1.2/%1.3/%1/htdocs/
But I get this error looking at ANY PAGE:
Fatal error: Can't load /www/fatehost.net/a/l/d/aldo/htdocs/{FILE_IM_ON}, open_basedir restriction. in Unknown on line 0
if i enable PHP open_basedir Tweak in cpanel, it disables all sites and none load, do note that the other tweak called Apache mod_userdir Tweak is also enabled.
Now i am wondering is if they both clash with each other to compete for the security ?
Anyone else noticed this also?
Info :
WHM 11.15.0 cPanel 11.18.6-S24255
CENTOS Enterprise 5 i686 on standard - WHM X v3.1.0
Is there a way to configure the open_basedir to allow cURL to FOLLOW_LOCATION? I'd like to keep the open_basedir enabled for security but at the same time, I need my site to function properly and that's not a possibility with FOLLOW_LOCATION not working.
View 6 Replies View RelatedI am trying to use chdir() in one of my scripts. However, I am getting an open_basedir restriction error. I have checked the php.ini and the value is not set (which as I understand should disable open_basedir).
View 4 Replies View Relatedhow to turn off f-cgi?
Its causing big problem at my friend's site, it often leads to 500, 501 and 502 pages, earlier some one mentioned even fcgi could be reason for the error pages as it might show error page if php file takes longer time to load,
so I would like to to turn off fcgi at his site, he uses hypervm-lxadmin, I couldn't find an option when I searched, may be I have missed it, can u guide me through how to solve this issue
and I would like to know if turning off f-cgi will it cause any problem to the site, such as tech, issue to be fixed
I have a pentium4 2.8 HT server.
However, HT was turned off at some point due to various reasons ( not by me).
how to turn HT back on in SSH?
I've just gotten a job at a newer webhosting company. I myself have personal pet pieves regarding webhosts. I want to know what turns you off a host the most. For me its Customer Service, Overselling and slow server/support response time.
View 9 Replies View RelatedRunning Apache 2.2.2 and PHP 5.2.5, and my error_logs are filling up with PHP notices. I'd like to turn this feature off, but I must be missing something here. I've edited the php.ini and set error_reporting = E_ALL & ~E_NOTICE, and reloaded apache, but I still get the same php notices over and over again in the httpd error log.
View 1 Replies View RelatedI have a website where people perform a number of tasks, saving some data to temporary session files. If the user is idle for a certain amount of time, then performs an action, his/her work will be gone.
I'd like to set the sessions to never expire, so that only a browser close would delete the temporary files.
I've tried looking around in the IIS manager, but I cannot find a way to do this.
My webhost's autoresponder does not keep track of who it has auto-responded to. Hence it will auto-respond back to the same person twice.
Some emailer might send me an email (most likely spam) and I would auto-respond. But that emailer also has a dumb auto-responder and response back to me. I would auto-respond back; it would auto-respsond back forever.
I'm afraid to turn on an "Out-of Office" auto-responder because if that happens, I would have a billizion emails in my inbox upon my return.
Is there a smart auto-responder that tracks who it has responded to and auto-repsonds to the same person only once?
Does anyone know how to turn On Register Globals in a php.ini file? I think I can only edit the file using ssh...
View 4 Replies View RelatedIs it possible to make it so that a domain can not send email?
I have a security issue on an old domain that I need to keep active but I do not want any application to have the ability to send ANY emails at all.
Dreamhost accounts have PHP register_globals turned on by default. I tried to override that and have register_globals turned off by putting this line
register_globals = Off
in a php.ini file placed at the web root. But phpinfo() still shows register_global as on. How do I turn off register_globals in Dreamhost?
I want to turn off my amd server's Cool & Quiet feature. How to do this?
View 8 Replies View RelatedI am trying this
ethtool -A eth0 RX off
Dmesg result after that shows RX control is off already. However, after rebooting server, the RX control is ON again. How to keep it OFF?
Server version: Apache/2.2.8 compiled by latest stable easyapache3
Default PHP Version (.php files) 5
PHP 5 Handler cgi
PHP 4 Handler none
Suexec on
Selected php5 handler to be CGI through WHM . Did not choose mod_suphp while compilation.
I have set register_globals off server-wide through WHMs php configuration editor. Now need to activate it for one account. I have tried :
# creating php.ini file at the required folder with register_globals on
# adding several combinations php_flag, php_admin_value, php_value etc with register_globals as seen from several posts here at the .htaccess file at the required folder.
# adding it to httpd.conf
Every time, the phpinfo page shows the loaded configuration file as /usr/local/lib/php.ini and register_globals is Off.
I am in the process of fighting a Hosting company on a dedicated server. It was turned off without notice a couple of months ago. They said I had not paid last years bill for this server (10 months ago). When I sent them the paypal confirmation number from last year finally they agreeed but said I owed an inflated 2008-2009 bill. The first bill I got was when the server was suspended. The bill increased over 20%. In order to get my clients back online I paid the increased bill but sent the initial price guarantee and asked for a refund of the difference. What I got was a half apology and the double talk below. I switched hosting companies and asked for a pro-rated refund and even though the server is paid up until Sept 2009 they have suspended the server. I am going to leave the hosting companies name out.
"Dear Mark,
As explained by Tom, the amount you paid is the amount that was due.
Since you originally purchased your server, our costs have risen by approximately 46%. The increase in price for your server only represents approximately 16%. While in the past, we have been able to absorb price increases and not pass them along, unfortunately, on this occasion we had no choice but to pass along part of the increase - the increase applied is just over half the increase we have personally seen since the start of this year. We have been able to keep the increase low through additional cost savings and reducing our profit margins, but, there is a limit to that and we unfortunately hit with the latest increase we've been hit with.
The issue with your server earlier this month was due to human error. We do not have any due invoices from 2007 (any unpaid would have been passed to collections), and as we are human, have gotten into the habit of simply looking at the day and month. One of my billing staff members alerted me that your invoice was overdue, believing it was a 2008 invoice due 1st August 2008 and requested that I authorise a disconnection. I then looked at it and also missed the 2007 date. Tom unfortunately does not have full access to billing details and cannot correct (nor view) errors such as that.
In terms of the invoicing - the system expected a recurring payment, through the Paypal subscription, to occur automatically and this is why no invoice was generated. As your invoice last year was manually paid, there was no subscription to update and pay. As a result, I had to manually update your account to reflect the payment details and manually generate the invoice. The invoice in your account when you paid the invoice correctly reflected the $1274.20 value. One of the emails quoted above, which should have been received after the emailed invoice, stated "generated the correct invoice for the 2008 to 2009 billing period.". I am sorry if that wasn't clear enough.