hyperlink to a page outside of document root

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
infomamun
Forum Contributor
Posts: 102
Joined: Mon Dec 28, 2009 7:48 pm

hyperlink to a page outside of document root

Post by infomamun »

Hi
I have a folder outside of my root directory. I can include files/pages of that directory by php include/file get contents from inside of root dir but can't hyperlink (<a href>) to the same file/page. It returns 404 error.

Is it possible to hyperlink a file/page reside outside of root dir from inside of root dir or it can be included only, not hyperlinked?

Regards.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: hyperlink to a page outside of document root

Post by John Cartwright »

Place a script inside the document root which serves the files located outside the root (which you already described), then simply have the script output the file using the appropriate headers.

You'll likely be using readfile(), which has a alot of good information/examples on that page.
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: hyperlink to a page outside of document root

Post by twinedev »

While there are many ways to get the desired results, I think first you need to evaluate why the file is outside of the web root to begin with.

Another possibility if you find it needs to remain this way and there is only one or two like this, and you have SSH access, create a symbolic link to the file.

From within the directory you want to see the file:

ln -fs /path/to/file/filename.php

Now if you list your directory via ls -la

you will see something like:

[text]lrwxrwxrwx 1 username groupname 17 Set 28 2010 filename.php -> /path/to/file/filename.php[/text]

Now that can be called from that directory as if it was there (windows world, think of a shortcut on a desktop, the file isn't actually on the desktop)

If you want it named something else:


ln -fs /path/to/file/filename.php newname.php gets you:
[text]lrwxrwxrwx 1 username groupname 17 Set 28 2010 newname.php -> /path/to/file/filename.php[/text]
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: hyperlink to a page outside of document root

Post by John Cartwright »

Generally you put files outside the document root to have the files directly accessed. It is common to see the files proxied through a script which would check against certain requirements, i.e., if the user is logged in. By having protected files directely accessible, you may have well put them inside the document root to begin with.
infomamun
Forum Contributor
Posts: 102
Joined: Mon Dec 28, 2009 7:48 pm

Re: hyperlink to a page outside of document root

Post by infomamun »

Double Post
Last edited by infomamun on Sat Oct 02, 2010 2:27 am, edited 1 time in total.
infomamun
Forum Contributor
Posts: 102
Joined: Mon Dec 28, 2009 7:48 pm

Re: hyperlink to a page outside of document root

Post by infomamun »

Thanks for your reply. Actually I want to put a page of my website outside of root for preventing from scrapping and loss of my bandwidth.

Suppose I have a hyperlink in my index.php page to my pageA.php (pageA.php is in outside of root). Now if someone want to visit pageA.php, he/she must come to index.php and can go to pageA.php only after clicking the hyperlink. It will protect pageA.php from being scrapped.

If I make a third page like pageB.php(inside root) and include pageA.php(outside root) by "include" or "readfile" function, pageA.php still can be scrapped. As anyone, who wish to scrape pageA.php can easily call pageB.php which ultimately will scrape pageA.php.

So if it is possible to access a page (which is at outside of root) from hyperlink of a page inside root, then it can be protected from scrapping only.

Please note that, redirecting/meta-refresh from pageB.php to pageA.php still cant prevent scrapping of pageA.php as cURL can follow redirection also. Also you cant prevent scrapping by setting referer url/URI/Remote Address in pageA.php as cURL can set referer url according to your wish also.

But limitation is, I can't go to pageA.php by clicking hyperlink from index.php or pageB.php. Thats why I asked about any way to hyperlinking a page from root directory to outside of root directory.

Thanks
Post Reply