I tried to configure my Apache 2.4 Debian web server for a PHP POST file upload, but I'm doubtful whether I understand it right and wanted to ask before I use it. I need a tmp directory for the file upload, and after checking the file I want to copy it to another directory.

In /etc/apache2/apache.conf I just changed:

#comment, because this is in virtual hosts file
#<Directory /var/www/>
#   Options Indexes FollowSymLinks
#   AllowOverride None
#   Require all granted
#</Directory>

and this is my Virtual Host File:

<VirtualHost *:80>

    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias "/upload" "/var/www/upload" 

    #Directory for file upload (temp)
    <Directory "/var/www/upload/">
        Require all granted
        AllowOverride None
        SetHandler none
        SetHandler default-handler
        Options -ExecCGI
        php_flag engine off
        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        <Files *>
            AllowOverride None
            SetHandler none
            SetHandler default-handler
            Options -ExecCGI
            php_flag engine off
            RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        </Files>
    </Directory>

    Alias "/pics" "/var/www/pics"

    #to save the pictures
    <Directory "/var/www/pics/">
        AllowOverride None
        SetHandler none
        SetHandler default-handler
        Options -ExecCGI
        php_flag engine off
        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        <Files *>
            AllowOverride None
            SetHandler none
            SetHandler default-handler
            Options -ExecCGI
            php_flag engine off
            RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        </Files>
    </Directory>

    ScriptAlias "/php" "/var/www/php"

    #Directory for secret php-Scripts like mysql-connect, etc 
    <Directory "/var/www/php/">
        AllowOverride None
        Options ExecCGI 
        LoadModule php5_module modules/libphp5.so
        php_flag engine on
    </Directory>

    #Directory for index.php and .php .html pages
    #<Directory "/var/www/html/">
    <Directory "/">
        Require all granted
        AllowOverride None
        Options ExecCGI Indexes FollowSymLinks
        LoadModule php5_module modules/libphp5.so
        php_flag engine on
    </Directory>

</VirtualHost>

As permissions I would use this (the Apache user is www-data, my user is webadmin, and the group is e.g. web (webadmin, www-data)):

chown webadmin /var/www/html
chgrp web /var/www/html
chmod 755 /var/www/html
chmod 644 /var/www/html/*

chown webadmin /var/www/php
chgrp web /var/www/php
chmod 755 /var/www/php
chmod 711 /var/www/php/*
(just execute the files)

chown webadmin /var/www/pics
chgrp web /var/www/pics
chmod 740 /var/www/pics
chmod 600 /var/www/pics/*
(www-data has write access)

chown webadmin /var/www/upload
chgrp web /var/www/upload
chmod 775 /var/www/upload
chmod 775 /var/www/upload/*

What can I change to make it better or more secure? What did I forget? Which permissions are better?

1 Answer

Check whether the user "www-data" is in the "web" group.

Jack L. G.
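The group check suggested in the answer, as an added example that is not part of the original question or answer: a shell sketch of how Unix picks the owner, group or other permission bits, applied to the modes and the webadmin/web/www-data names from the question. The function names (`in_group`, `triplet`, `effective_access`, `report`) are hypothetical helpers, and the directory modes are passed in as constructed input rather than read from disk.

```shell
#!/bin/sh
# Added example: which rwx triplet applies to www-data, with and without
# membership in the "web" group, for the directory modes in the question.

# in_group USER GROUP: succeeds if USER is a member of GROUP on this system.
in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# triplet DIGIT: prints the rwx string for one octal digit.
triplet() {
    case $1 in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
    esac
}

# effective_access MODE OWNER GROUP USER "USER'S GROUPS"
# Only one class applies: owner bits if USER owns the file, otherwise group
# bits if USER is in GROUP, otherwise the "other" bits (root is not modelled).
effective_access() {
    mode=$1; owner=$2; group=$3; user=$4; ugroups=$5
    m=${mode#"${mode%???}"}            # keep the last three octal digits
    if [ "$user" = "$owner" ]; then
        triplet "${m%??}"
    else
        case " $ugroups " in
            *" $group "*) t=${m#?}; triplet "${t%?}" ;;
            *)            triplet "${m#??}" ;;
        esac
    fi
}

# Directory modes as listed in the question (owner webadmin, group web).
report() {
    for entry in "/var/www/html 755" "/var/www/php 755" \
                 "/var/www/pics 740" "/var/www/upload 775"; do
        set -- $entry
        printf '%-16s %s  in web: %s  not in web: %s\n' "$1" "$2" \
            "$(effective_access "$2" webadmin web www-data 'www-data web')" \
            "$(effective_access "$2" webadmin web www-data 'www-data')"
    done
}

report
# Live check on the current host; on a directory, w and x together are
# needed to create files, and r alone only lists names.
if in_group www-data web; then echo "www-data is in web"
else echo "www-data is not in web (or does not exist)"; fi
```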