php includes, and other files, above wwwroot
Posted: Sat Dec 04, 2010 3:34 pm
I learned, as best practice, to stick my secure includes,scripts, and anything I don't want the public to have URL access to, in folders above the wwwroot.
Example: website.com/index.htm is under /root/htdoc/index.htm and an include folder might be /root/hiddenstuff/.
Anything under htdoc is accessible by the public, anything under hiddenstuff is only accessible by server scripts/root user.
Unfortunately, my current host (fatcow using apache/php5) doesn't allow this file structure. What I have access to looks like
site_root/
and
site_root/cgi-bin/
...no access to the folder above site_root (and yes I contacted the host to verify this.)
My question: Is there some way to mimic the functionality I am used to (maybe via htaccess?) I'd like to force all requests to site_root/ down a level to a new directory: site_root/ -> site_root/fake_htdoc/. If I can do this I might be able to fake an above wwwroot directory. Unfortunately, my htaccess/php skills are a bit rusty and I'm running out of ideas. Suggestions?
Example: website.com/index.htm is under /root/htdoc/index.htm and an include folder might be /root/hiddenstuff/.
Anything under htdoc is accessible by the public, anything under hiddenstuff is only accessible by server scripts/root user.
Unfortunately, my current host (fatcow using apache/php5) doesn't allow this file structure. What I have access to looks like
site_root/
and
site_root/cgi-bin/
...no access to the folder above site_root (and yes I contacted the host to verify this.)
My question: Is there some way to mimic the functionality I am used to (maybe via htaccess?) I'd like to force all requests to site_root/ down a level to a new directory: site_root/ -> site_root/fake_htdoc/. If I can do this I might be able to fake an above wwwroot directory. Unfortunately, my htaccess/php skills are a bit rusty and I'm running out of ideas. Suggestions?