Page 1 of 1

Defence against dot dot slash or file path traversal attack.

Posted: Sun Aug 04, 2013 10:37 am
by InfinitySignal
I have EasyPHP installed,I am considering following as root directory:
http://127.0.0.1/projects/Web%20Develop ... eus/files/

I want user to be restricted to this directory and not able to get access to directory named aureus.

I want all this configuration using .htaccess how can I do that?

Re: Defence against dot dot slash or file path traversal att

Posted: Sun Aug 04, 2013 4:11 pm
by requinix
And you can't just change the root of the website to be that /projects/Web Development/aureus directory?

Try putting a .htaccess in the root (above projects/) that blocks access, like

Code: Select all

Order allow,deny
and then put another in files/ with the opposite,

Code: Select all

Order deny,allow