Reputation: 236
Configure apache alias via PHP
I wanted to setup a server wherein my clients can edit Apache aliases via PHP script so they don't need to have the root account. All they need to do is edit the aliases via browser.
How can I accomplish such task with PHP?
Upvotes: 0
Views: 396
Answers (1)
Reputation: 28906
In order to avoid a security nightmare, you need to have a strict wall of separation between user input and your backend processing. This is important when inserting data into a database; it is even more important when editing important files such as Apache configs.
If you absolutely must do this, the best way is to create two separate processes: the first is the customer-facing side. This will require:
- A script to read and parse the vhost data
- A form to display the data in distinct fields (not just a big text area with the entire vhost contents)
- A form handler which will strictly validate each piece of input data
- A database to hold the inputs
On the back end, you will create a process (perhaps running via cron) which will read the data from the database and re-create the vhost. This process should be inaccessible to the user.
Validation will be the most important part of this entire process. If you allow your users to insert unfiltered or poorly filtered data into your Apache configs, expect bad things to happen.
Upvotes: 1
Related Questions
- How can I add an alias to Apache in XAMPP v3.2.1?
- add alias to my virtual host
- Configuring Alias and Directory inside Apache VirtualHost
- How can I implement an alias in .htaccess in Apache configuration?
- Apache php httpd-xampp.conf alias not working
- how to create alias folder on apache 2
- Apache Alias or ScriptAlias in use with PHP doesn't work
- Apache alias directive
- alias to include
- Apache Alias/Directory Question