How to prevent lighttpd from accessing folders other than server.document-root
Added by xiaozou over 5 years ago
Hello everybody,
Thanks a lot in advance if you will try to help me!
I encountered a issue when using lighttpd1.4.36 in Linux3.10.64. I set server.document-root to /pmc/work/air, but when I mount /pns/sdm_a/G4125.FGP to /pmc/work/air, lighttpd will access a file in the /pns/sdm_a directory. So,I would like to ask,how to prevent lighttpd from accessing folders other than server.document-root?
The following is the configuration information of lighttpd:
server.port = 80
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
}
server.modules = (
"mod_accesslog",
)
server.errorlog = "/var/log/lighttpd.error"
accesslog.filename = "/var/log/lighttpd.access"
server.document-root = "/pmc/work/air"
index-file.names = ("index.html")
Any support is appreciated, thank you very much!
Replies (1)
RE: How to prevent lighttpd from accessing folders other than server.document-root - Added by gstrauss over 5 years ago
lighttpd 1.4.36 was released over 3 years ago and there have been 15 (!) releases of lighttpd since, soon to be 16. Please upgrade.
Many of the questions you ask here and in https://redmine.lighttpd.net/boards/2/topics/8370 are related to managing a Linux system and are not specific to lighttpd. I might suggest using strace on the lighttpd pid to see what it is doing in regards to filesystem access, along with lsof or fuser. netstat -ntp as root can identify processes local on a system. None of these tools are specific to lighttpd, and this is not the right forum to ask further questions about these tools.
I recognize that this is an embedded system. If you don't have tools available and are unable to build them, including an updated lighttpd release, then that is a problem you should probably look into.