how to put php files out of webroot

Question

how can i know where is my web root folder ? and how to put folders out of web root folder? and how to test that they are not accessible from outside ?

the structure of my hosting is like this:

www.website.com :

public_html/
includes /
logs/

...

is it enough to protect includes folder and logs folder with htaccess? and are they out of web root in this case?

i know that $server[document root] provide the root of my website , but i am confused about how to put files out of it , any help would be welcome , thanks for all

Can you explain what you're trying to achieve? Why do you want to "put files out of webroot"? You don't need to worry about people downloading php files from the webserver, if someone requests one, the file is executed, not sent back in the response — PiX06, Mar 06 '14 at 13:25
Not sure on what you're trying to accomplish, But if you want to "put files out of webroot" just to "protect" them i'd advise you another way. You can just prevent them from being executed directly with a simple check. This answer may guide you http://stackoverflow.com/a/409515/2600397 — Kevin Cittadini, Mar 06 '14 at 13:27
as i understand that www.website.com is the web root itself , i want to get one folder up by adding this in my code ../ , so when i put php code one folder up it can only be included and not server by apache — user3388314, Mar 06 '14 at 13:40
i have seen many people that say they can hack php code using backtrack or something else , and the code want be secure unless it is out of root — user3388314, Mar 06 '14 at 13:41

vonUbisch · Accepted Answer · 2014-03-06T21:12:56.953

0

All your files are currently in the public web root folder.

The 'inside' of your root is your publichtml/. Everything you place in there will be publicly accessible. The name of your root can vary from host to host, often public_html or httpdocs.

The 'outside' is one directory up. But remember some hosts do not give enough permissions.

You cannot test documents outside your root, because they are not accessible. Only something like PHP can access those files. That's why you do not place your img/JS/CSS files outside the root cause they need direct access. You can however serve them through your PHP.

edited Mar 06 '14 at 21:12

answered Mar 06 '14 at 13:27

vonUbisch

1,384
17
32

It's `public_html/` and not `publichtml/` – HackerKarma Mar 06 '14 at 13:30
Well from my experience this changes from host to host, so I just copied what the OP had. – vonUbisch Mar 06 '14 at 13:31
it's a Linux system and Apache server related document root. "space" in file/folder names is not an valid on linux system (if you do then you will have to escape it -- and may cause problem) – HackerKarma Mar 06 '14 at 13:34
yes i know that i can not access files out of root , but i can include them , my question here is how to get one folder up if the command ../ dose not exist – user3388314 Mar 06 '14 at 13:35
Can you explain? Simply including `require_once('../test.php')` will fail? What is the error? – vonUbisch Mar 06 '14 at 13:39
i have no access to that directory all i see in my host is www.website.com and its subfolders there is no folder else – user3388314 Mar 06 '14 at 13:44
Try discussing this issue with your hosting company. – vonUbisch Mar 06 '14 at 13:45

how to put php files out of webroot

1 Answers1