Virtual Host locations misconfiguration
Description
The web server hosts multiple virtual hosts with a configuration error that allows files from one virtual host to be accessed through another virtual host's directory structure. This misconfiguration occurs when virtual host document roots overlap or when one virtual host's files are stored within another's directory path, enabling unauthorized access to files that should be isolated between virtual hosts.
Remediation
Reconfigure virtual hosts to ensure complete separation of document root directories. Each virtual host must have its own isolated directory structure with no overlapping paths.
For Apache, verify that each VirtualHost directive specifies a unique DocumentRoot:
<VirtualHost *:80>
    ServerName site1.example.com
    DocumentRoot /var/www/site1
</VirtualHost>
<VirtualHost *:80>
    ServerName site2.example.com
    DocumentRoot /var/www/site2
</VirtualHost>
For Nginx, ensure each server block has a separate root directive:
server {
    server_name site1.example.com;
    root /var/www/site1;
}
server {
    server_name site2.example.com;
    root /var/www/site2;
}
After making changes, verify that no virtual host directory is a subdirectory of another, test the configuration syntax, and restart the web server to apply changes.
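One way to automate the subdirectory check described above. This is an added example, not part of the original advisory; the function names and the sample configuration are constructed for illustration. It compares paths component by component, so /var/www/site10 is not mistaken for a child of /var/www/site1.

```python
import posixpath
import re
from itertools import combinations
from pathlib import PurePosixPath

# Apache "DocumentRoot /path" or Nginx "root /path;" at the start of a line.
ROOT_RE = re.compile(r'^\s*(?:DocumentRoot|root)\s+"?([^";\s]+)', re.IGNORECASE)

def document_roots(config_text):
    """Extract normalized document roots; commented-out lines do not match."""
    roots = []
    for line in config_text.splitlines():
        m = ROOT_RE.match(line)
        if m:
            # Lexical normalization only (trailing slash, "..").
            # Assumption: on a live server, also resolve symlinks with
            # os.path.realpath before comparing.
            roots.append(PurePosixPath(posixpath.normpath(m.group(1))))
    return roots

def overlapping_roots(roots):
    """Return (outer, inner) pairs where inner equals or is nested in outer."""
    pairs = []
    for a, b in combinations(roots, 2):
        if a == b or a in b.parents:
            pairs.append((str(a), str(b)))
        elif b in a.parents:
            pairs.append((str(b), str(a)))
    return pairs

# Constructed sample mixing both syntaxes: site2 is stored inside site1's
# tree, while site10 only shares a string prefix with site1.
SAMPLE = """
<VirtualHost *:80>
    ServerName site1.example.com
    DocumentRoot /var/www/site1
</VirtualHost>
<VirtualHost *:80>
    ServerName site2.example.com
    DocumentRoot "/var/www/site1/site2/"
</VirtualHost>
server {
    server_name site10.example.com;
    root /var/www/site10;
}
"""

if __name__ == "__main__":
    for outer, inner in overlapping_roots(document_roots(SAMPLE)):
        print(f"overlap: {inner} is served from within {outer}")
```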