I am on a Parallels/Plesk VPS host, and this is a really newbie question.
The webroot is at:
/var/www/vhosts/my-domain-name/httpdocs
There is also a path called:
/var/www/vhosts/my-domain-name/private/
But PHP scripts can't seem to read files in there.
From my understanding any file placed within the webroot, is in danger of being served to the public if requested by its web-path/filename. I am vaguely aware of the use of .htaccess files to tell Apache not to serve certain files/dirs.
But can (or should) I place my sensitive file somewhere outside of the webroot, while still allowing it to be read by PHP scripts?
Thank you!
Here were my errors when trying to read a file within the "private" folder above:
Warning: file() [function.file]: open_basedir restriction in effect. File(../../private/test.txt) is not within the allowed path(s): (/var/www/vhosts/blah.com/httpdocs:/tmp) in /var/www/vhosts/blah.com/httpdocs/misc/testscript.php on line 8
Warning: file(../../private/test-dt.txt) [function.file]: failed to open stream: Operation not permitted in /var/www/vhosts/blah.com/httpdocs/misc/testscript.php on line 8
UPDATE: SOLVED
Picto at reddit/r/PHPHelp gave me what I needed, and it is specific to Plesk systems.
I had to write a file called vhost.conf placed in the conf folder which exists at the same level as httpdocs. And in the vhost.conf, I used:
<Directory /var/www/vhosts/my-domain-name/httpdocs>
php_admin_value open_basedir /var/www/vhosts/my-domain-name/httpdocs:/tmp:/var/www/vhosts/my-domain-name/myfolder
</Directory>
So I now place my sensitive files in "myfolder", which is outside of the webroot (httpdocs).
After this, to make these settings take effect, (restarting Apache doesn't work) there are some Plesk specific commands to give, see: http://www.gadberry.com/aaron/2006/02/09/plesk_vhost/
It's a good practice store sensitive data outside apache document root.
You need to allow PHP to access these folders adding or modifying the Virtual Host configuration.
Look for
php_value open_basedir
and add your folders separated by a colon (:)
More info at open_basedir
Note: there is a few security issues with open_basedir, explained in
http://www.hardened-php.net/advisory_012004.42.html
EDIT:
I use this tree structure for each domain:
domain/ www-data permisions
├── etc r-x
├── log rwx
├── phpCache rwx
├── phpFiler rwx
├── phpInclude r-x
├── phpLogs rwx
├── phpSession rwx
├── phpTmp rwx
├── phpTrash rwx
├── privat ---
├── www443 r-x
└── www80 r-x
etc: for application configuration files.
log: for Apache or nginx log files
phpCache: for Zend_Cache files
phpFiler: for app's files, a PHP script serves it if the user has privileges.
phpInclude: php_value include_path
phpLogs: for application logs
phpSessions: for store this virtual host data sessions.
phpTmp: for temporal files, like uploaded.
phpTrash: a trash for phpFiler.
privat: for my private pourposes
www443: for https document root
www80: for http document root
In open_basedir clausule I put all folders except log and privat.
This means, that the so-called safe-mode
is in affect, which does not allow any opening of file and directories outside a given directory (e.g. your specific webroot). This is very common on shared hosters and if you do not have access to the php.ini, you are out of luck and cannot access your files in ../private.
To access protected files, add a directory below your usual httpdocs
-directory (e.g. private) and add a .htaccess
-file inside with the content
order allow
deny deny from all
This will prevent anyone accessing the files without going through your php-script.
On a last note: if your php-file has been right under the httpdocs
-directory, your script needs to point to ../private/test-dt.txt
and not to ../../private/test-dt.txt
.
Place them above the root folder. The PHP scripts will still be able to access them, but if the website is compromised then directories above the root should remain secure.
So put them somewhere like /var/www/vhosts/sensitive-docs/
and set permissions on the directory so that PHP can read the files.