Defence against dot dot slash or file path traversal attack.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
InfinitySignal
Forum Newbie
Posts: 1
Joined: Sun Aug 04, 2013 10:33 am

Defence against dot dot slash or file path traversal attack.

Post by InfinitySignal »

I have EasyPHP installed,I am considering following as root directory:
http://127.0.0.1/projects/Web%20Develop ... eus/files/

I want user to be restricted to this directory and not able to get access to directory named aureus.

I want all this configuration using .htaccess how can I do that?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Defence against dot dot slash or file path traversal att

Post by requinix »

And you can't just change the root of the website to be that /projects/Web Development/aureus directory?

Try putting a .htaccess in the root (above projects/) that blocks access, like

Code: Select all

Order allow,deny
and then put another in files/ with the opposite,

Code: Select all

Order deny,allow
Post Reply