I have a website hosted in the directory: /var/www/website.com.
This directory and all its subfolders allow the execution of PHP code. However, I would like to prevent the PHP files that are in a specific folder (/var/www/website.com/subfolder) from accessing the parent folder and listing its files.
Example: a PHP function like scandir() should be allowed to list all folders, subfolders and files that are in (/var/www/website.com/subfolder), but should NOT be allowed to list files below that level.
Do you know how a behavior like this could be implemented (with Nginx preferably)?
Set the PHP open_basedir option for files running in that folder?
For instance, in nginx: http://michaelshadle.com/2011/02/11/setting-php-ini-parameters-from-nginx
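The open_basedir suggestion above, written out as an nginx server block. This is an added example, not part of the original answer; the listen port, server_name and the PHP-FPM socket path are assumptions to adjust for the actual host.

```nginx
# Added example. Assumed values: listen port, server_name, PHP-FPM socket path.
server {
    listen 80;
    server_name website.com;
    root /var/www/website.com;
    index index.php;

    # PHP scripts under /subfolder/: confine PHP filesystem functions
    # (scandir, fopen, include, ...) to that directory tree.
    # nginx picks the first matching regex location in file order, so this
    # block must appear before the generic "\.php$" block below.
    location ~ ^/subfolder/.+\.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # Passed to PHP-FPM as an admin value so scripts cannot loosen it
        # with ini_set(). Append further directories, colon-separated, if
        # these scripts need one (for example a temp or session directory).
        fastcgi_param PHP_ADMIN_VALUE "open_basedir=/var/www/website.com/subfolder/";

        fastcgi_pass unix:/run/php/php-fpm.sock;  # assumed socket path
    }

    # All other PHP scripts on the site: no additional restriction.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;  # assumed socket path
    }
}
```

After reloading nginx, a script in /var/www/website.com/subfolder that calls scandir('..') should fail with an open_basedir restriction warning, while scandir(__DIR__) still works.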
I figured out that enabling PHP-FPM's chroot variable is actually the best way to really lock a user into a directory. It's still not bulletproof, but way better than using the open_basedir option.
Google "chroot user php-fpm"