Prevent PHP from accessing the parent directory

Question

Prevent PHP from accessing the parent directory

I have a website hosted in the directory: /var/www/website.com .

This directory and all its subfolders allow you to execute PHP code. However, I would like to prevent the PHP files that are in a specific folder ( /var/www/website.com/subfolder ) from accessing the parent folder and listing its files.

Example: A PHP function, such as scandir() , should contain a list of all folders, subfolders and files located in ( /var/www/website.com/subfolder ), but it is NOT allowed to list files below this level.

Do you know how this behavior can be implemented (preferably with Nginx)?

+6

security php permissions

Danny coulombe Jul 29 '12 at 4:59

source share

2 answers

I realized that turning on the PHP-FPM chroot variable is actually the best way to really block a user in a directory. It is still not bulletproof, but better than using the open_basedir option.

Google "chroot user php-fpm"

+2

Danny coulombe Mar 27 '14 at 1:23

source share

Amber · Accepted Answer · 2012-07-29T05:05:05+0000

Set PHP parameter open_basedir for files running in this folder?

For example, in nginx : http://michaelshadle.com/2011/02/11/setting-php-ini-parameters-from-nginx

Prevent PHP from accessing the parent directory

More articles: