/    Sign up×
Community /Pin to ProfileBookmark

Stop PHP scripts requesting resources outside directory?

Copy linkTweet thisAlerts:
Feb 13.2012

I want to setup an FTP account limitted to a directory:
/websites/example.com/

However, I want to stop any PHP scripts uploaded within that directory from “going below the root”. For example, scripts shouldn’t be able to access:
/websites/othersite.com/
/settings.file

Do you know how I can do this?
Many thanks for your help,
Colin

to post a comment
PHP

2 Comments(s)

Copy linkTweet thisAlerts:
@ericatekkaFeb 13.2012 — Google and you will find...

http://www.madirish.net/node/229

Check hardened php and safe directories. You wont be able to do it with another php script nor with APACHE. Only option is PHP INI Values.
Copy linkTweet thisAlerts:
@acestuffauthorFeb 17.2012 — Google and you will find...

http://www.madirish.net/node/229

Check hardened php and safe directories. You wont be able to do it with another php script nor with APACHE. Only option is PHP INI Values.[/QUOTE]


Thanks, good link. However, it doesn't give exactly the solution that I'm looking for. What I need is a method of setting something like "open_basedir" in php.ini for a number of different locations.

My server has sites:

/websites/site1.com/ Should only be able to include from site1.com/ and above

/websites/site2.com/ Should only be able to include from site2.com/ and above

/websites/site3.com/ Should only be able to include from site2.com/ and above

etc.

Can I solve this issue using .htaccess by any chance?

Many thanks.
×

Success!

Help @acestuff spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.8,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...