Security Problem

Discussion in 'Installation/Configuration' started by Cracknel, Nov 15, 2008.

  1. _X_

    _X_ New Member

  2. Cracknel

    Cracknel New Member

    I've managed to make a PHP script (c99 shell) show my Apache config file:

    cat echo /etc/apache2/apache2.conf

    I can't change directories, but I can guess paths. Still more work to do.

    I'm going to check suPHP tomorrow because it's 1:30am. From this mod's description it looks like it could solve the problem.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    @_X_, please try to remove the AllowOverride All, this should not be necessary anymore now and allows to override all other security settings.

    @Cracknel: and you are 100% sure that you configured it exactly as X described? The option you described does not work and that's why it is not integrated in ISPConfig.
     
  4. _X_

    _X_ New Member

  5. sonoracomm

    sonoracomm New Member

    What about Joomla 1.5?

    Is this needed for Joomla 1.5 or need any changes?

    Thanks much,
    G
     
  6. _X_

    _X_ New Member

    htaccess looks different for Joomla 1.5, but you got it in the installation so use that one.

    About Apache Directives (Optional): change webXXX to match your configuration.

    <Directory "/var/www/webXXX/web">
    # if you put this here you can comment out the line in htaccess
    Options FollowSymLinks
    # disables Register Globals - during installation you will have a red On/Off, so change it so it becomes green, as I remember
    php_admin_flag register_globals Off
    # disables some PHP functions that are not used by the majority of extensions
    php_admin_value disable_functions "show_source system shell_exec passthru exec phpinfo popen proc_open"
    # don't know about this one
    php_admin_flag allow_url_fopen Off
    # Magic Quotes option
    php_admin_flag magic_quotes_gpc On
    # this sets the session folder inside open_basedir
    php_admin_value session.save_path "/var/www/webXXX/phptmp/"
    php_admin_value open_basedir "/var/www/webXXX/"
    </Directory>

    If someone can explain this in more detail please do so.

    I don't know if Joomla 1.5 works with PHP safe mode enabled.
     
  7. _X_

    _X_ New Member

  8. sonoracomm

    sonoracomm New Member

    Thanks for the info.

    I did not enable Safe Mode for the Joomla 1.5 site, but I did add the Apache Directives as listed. I didn't enable Safe Mode because the Joomla installer called for it to be off and since I don't know Joomla that well and, well, because I'm basically chicken.

    It seems to be working without problems. I'll keep a lookout for anything broken, such as Joomla add-ons.

    Thanks very much for helping me secure our ISPConfig server.

    G
     
  9. _X_

    _X_ New Member

    The only real problem you can have is with this line:
    php_admin_value disable_functions "show_source system shell_exec passthru exec phpinfo popen proc_open"

    It disables PHP functions, so if your extension uses one of those you can have problems. On the other hand, if you do have an extension that uses these functions it can be considered a dangerous extension, so you should search for another extension that does the same job without compromising security.
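    The per-site directives from post 6 and the disable_functions caveat above are easy to get wrong across many ISPConfig sites. As an added example (not from the thread or from ISPConfig), the following Python script parses the <Directory> blocks of an Apache config and reports sites that lack open_basedir, leave command-execution functions enabled, or put session.save_path outside open_basedir; the sample config is constructed.

```python
import re

# Command-execution functions from the thread's disable_functions line; a web shell relies on these.
SHELL_FUNCTIONS = {"system", "shell_exec", "passthru", "exec", "popen", "proc_open"}

DIRECTORY_RE = re.compile(r'<Directory\s+"?([^">\s]+)"?\s*>(.*?)</Directory>', re.S | re.I)
PHP_ADMIN_RE = re.compile(r'php_admin_(?:flag|value)\s+(\S+)\s+"?([^"\n]*?)"?\s*$')

def parse_directory_blocks(conf):
    """Map each <Directory> path to its php_admin_* settings (name -> value)."""
    blocks = {}
    for path, body in DIRECTORY_RE.findall(conf):
        settings = {}
        for line in body.splitlines():
            line = line.strip()
            if line.startswith("#"):
                continue
            m = PHP_ADMIN_RE.match(line)
            if m:
                settings[m.group(1)] = m.group(2).strip()
        blocks[path] = settings
    return blocks

def audit(settings):
    """Return findings for one block; an empty list means the thread's hardening is in place."""
    findings = []
    bases = [b for b in settings.get("open_basedir", "").split(":") if b]
    if not bases:
        findings.append("open_basedir not set: PHP can read files outside the web root")
    # PHP accepts comma- or space-separated lists here, so split on both.
    disabled = set(re.split(r"[,\s]+", settings.get("disable_functions", "").strip())) - {""}
    missing = sorted(SHELL_FUNCTIONS - disabled)
    if missing:
        findings.append("disable_functions leaves command execution enabled: " + ", ".join(missing))
    if settings.get("register_globals", "").lower() != "off":
        findings.append("register_globals not explicitly Off")
    save = settings.get("session.save_path")
    if bases and save and not any(save.startswith(b) for b in bases):
        findings.append("session.save_path lies outside open_basedir; sessions will fail")
    return findings

def audit_config(conf):
    return {path: audit(s) for path, s in parse_directory_blocks(conf).items()}

# Constructed sample: web1 carries the thread's directives, web2 only disables two functions.
SAMPLE_CONF = """
<Directory "/var/www/web1/web">
    php_admin_flag register_globals Off
    php_admin_value disable_functions "show_source system shell_exec passthru exec phpinfo popen proc_open"
    php_admin_value session.save_path "/var/www/web1/phptmp/"
    php_admin_value open_basedir "/var/www/web1/"
</Directory>
<Directory "/var/www/web2/web">
    php_admin_value disable_functions "system exec"
</Directory>
"""
```

Run it against the real file (for example by reading /etc/apache2/vhosts/Vhosts_ispconfig.conf into audit_config) and every site with an empty findings list matches post 6's setup.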
     
  10. sonoracomm

    sonoracomm New Member

    That sounds like good advice.

    Thanks again!

    G
     