• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Strange open_basedir restriction problem

C

chrisroane

Guest
I have been trying to figure out this problem for several hours now without any luck.

Basically I have all of my php included files put into the cgi-bin directory so that they can't be loaded in the browser. Things work without a problem when I include those php files anywhere in the httpdocs folder, except when I try to access them on the secure certificate (https://).

For this domain, I have this option checked, so that I don't have to have two sets of files:
"Use a single directory for housing SSL and non-SSL content"

This is in my vhost.conf file:

<Directory "/home/httpd/vhosts/WEBSITE/httpdocs">
php_admin_value open_basedir none
</Directory>

This is in my vhost_sll.conf file:

<Directory "/home/httpd/vhosts/WEBSITE/httpsdocs">
php_admin_value open_basedir none
</Directory>

This is the error it gives me:

Warning: main(): open_basedir restriction in effect. File(/home/httpd/vhosts/WEBSITE/cgi-bin/include/listing_process.inc) is not within the allowed path(s): (/home/httpd/vhosts/WEBSITE/httpdocs:/tmp) in /home/httpd/vhosts/WEBSITE/httpdocs/site/listings/test_new_listing.php on line 2

Warning: main(/home/httpd/vhosts/WEBSITE/cgi-bin/include/listing_process.inc): failed to open stream: Operation not permitted in /home/httpd/vhosts/WEBSITE/httpdocs/site/listings/test_new_listing.php on line 2

Fatal error: main(): Failed opening required '/home/httpd/vhosts/WEBSITE/cgi-bin/include/listing_process.inc' (include_path='.:/usr/share/pear') in /home/httpd/vhosts/WEBSITE/httpdocs/site/listings/test_new_listing.php on line 2


That error ONLY comes up when I try to access the (https://) version of the site. It loads fine when I go to the (http://) version of the site. I've read many posts on open_basedir problems, but none that describe this problem.

Any help would be highly appreciated.
 
The name of your vhost file should be: vhost_ssl.conf - you seem to have a spelling error.

Also remember to run a /path_to_psa/admin/bin/websrvmng --vhost-name=<the_domain> and restart Apache.
 
Yeah, that was a mistake in the post. The file name is vhost_ssl.conf . I just typed it wrong in the post.

"Also remember to run a /path_to_psa/admin/bin/websrvmng --vhost-name=<the_domain> and restart Apache."

Every time I made a change to the vhost files, I did that and restarted apache.

This problem is frustrating. Maybe I can't have the option ""Use a single directory for housing SSL and non-SSL content" and have access to the directory I want to access, without having two copies of the files?
 
turn off safe mode as well.

php_admin_value safe_mode 0


That's what I had to do to get that to work properly for a domain situation just like yours.
 
You can mimick the setting

"Use a single directory for housing SSL and non-SSL content"

easy enough.


cd /path/to/DOMAIN

mv httpsdocs httpsdocs.old
ln -s httpdocs httpsdocs
chown -h USERNAME:psaserv httpsdocs

Try that with your normal setup - personally i would not recommend turning safemode off unless its the very last choice.

Although personally i would put your includes in a directory in httpdocs and simply stick a password on the directory - they can then be accessed via the filsystem but http accesses will be requested to supply authentication.
 
Back
Top