I have added VirtualHost ServerAdmin root@localhost DocumentRoot /var/www/html/blogovet.ru ServerName www.blogovet.ru ServerAlias blogovet.ru
But my script within this domain can easily see all server files /* with his directory /var/www/html/blogovet.ru
How you can forbid viewing files except DocumentRoot ?
A script will have the ability to read all files the user running the script can see. Which means you should make certain your internet server doesn't run as root (it must be began as root to pay attention on port 80, but should swich user to e.g. "www" itself), after which make certain that that user can't read any sensible files.
You might use SElinux to have an extra layer of security.
I discovered this solution for PHP (If disable cgi and ssi, looks good)
<VirtualHost *:80> ServerAdmin root@localhost DocumentRoot /var/www/html/site.com ServerName www.site.com ServerAlias site.com ErrorLog /var/www/html/site.com/error-log # TransferLog /var/www/html/site.com/transfer-log # CustomLog /var/www/html/site.com/access-log common <IfModule mod_php5.c> php_admin_value upload_tmp_dir "/tmp" php_admin_value include_path ".:/usr/share/pear:/usr/share/php:/var/www/html/site.com" php_admin_value open_basedir "/var/www/html/site.com" php_admin_value doc_root "/var/www/html/site.com" </IfModule> <Directory "/var/www/html/site.com"> AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost>