-1

I want use droplets to host multiple domains/sites, this is easy to do using virtual hosts, but how limit website X access files from directory of website Y?

In my droplet (testing), I have something like

/var/www/websiteX.com

/var/www/websiteY.com

/var/www/websiteZ.com

All working fine, but this websites using WordPress as CMS, so, users can install plugins and this is a problem, "deny access to directory of other website"...

I don't want give FTP/SSH access to each website.

John Henrique
  • 324
  • 2
  • 12
  • This might be helpful. https://www.linode.com/docs/web-servers/apache-tips-and-tricks/rulebased-access-control-for-apache/ – banderson Sep 17 '19 at 21:51
  • No, this not help me. If users install a plugin like File explorer, I want deny they explore others file above '/websiteY.com'... – John Henrique Sep 18 '19 at 18:07

1 Answers1

0

There are options to turn on or off indexes in Apache. Here is a link that talks about it. https://www.techrepublic.com/article/how-to-make-apache-more-secure-by-hiding-directory-folders/

If you want to conditionally turn on or off indexes based on what domain a user is accessing I think you will have a very hard time.

Why are you trying to do this? You might want to reconsider trying to accomplish this.

banderson
  • 121
  • 6
  • I'm using DigitalOcean VPS to create a service where users can create a blog / site by choosing options theme | functions, I created several demo sites, the user choose one and pay to use as our website, paying me montly. Using PHP I created classes to manage (add virtual host, add domain, restart apache, create new site and DB), but I can't allow users access folders. Eg: using plugins – John Henrique Sep 19 '19 at 17:51