How to set for specific directory open_basedir
I have a directory /htdocs/unsecured
and I want to limit whatever is in that directory or its subdirectories from accessing anything outside of that directory. Where and how do I set open_basedir
for this directory only?
You can set open_basedir
in your Apache configuration file, php.ini, or in a .htaccess file.
I normally set this in an apache config file such as /etc/httpd/conf/httpd.conf.
You will have a directory structure for your current domain/virtual-host and you can add the line directly in there:
<VirtualHost 123.123.123.123:80>
<Directory /htdocs/unsecured>
php_admin_value open_basedir "C:/htdocs/unsecured"
</Directory>
</VirtualHost>
Note: The 123.123.123.123
is the IP address of your domain and this sample block potentially leaves out a lot of data for this configuration only showing what's needed for open_basedir
.
In php.ini, you can do this on a much-more general level (and it will be applied to every domain on your server) with:
open_basedir = "/htdocs/unsecured"
In .htaccess, you should be able to use the following (though I haven't tested):
php_value open_basedir "/htdocs/unsecured"
EDIT (Windows path)
Per a comment, you're running xammp on Windows (and not using Virtual Hosts). With this information, I would suggest to put your open_basedir
rule in your php.ini
file. This should (hopefully) work for you:
open_basedir = "C:\xampp\htdocs\unsecured"
In linux, a :
is a field separator. In Windows, the ;
is the separator - so this should work, but I am unable to test it personally.