Does FileServer handler only serve what is inside the directory you specify?

Question

For example, can a user put your url with linux commands to go up a folder/directory?

Let's say my server consist of:

bin/
    serverfile.go
    ...
public/
    index.html
    style.css

"www.example.com/../bin/etc"

with serverfile.go consisting of:

 pacakage main
 import "net/http"

 func main() {
     htttp.ListenAndServe(":8000", http.FileServer(http.Dir("public")))
 }

score 1 · Accepted Answer · answered Jul 04 '17 at 20:25

The http.FileServer inhibits a breakout of the root directory you specify.

In contrast you could build your own file server with http.ServeFile which would potentially be a dangerous undertaking.

1 Answers1