Apache Friends Support Forum

Hi all, I have been building a site and decided that I want to move important files to outside of document root. So I need to redirect from htdocs/index.php to test_folder outside of root. How can one achieve this?

I have tried the following

redirect ('location:'.$_SERVER['HTTP_HOST']. '/../test_folder/');

but it redirects to htdocs instead. How can I visit the site in htdocs, but redirect script to outside of root folder.

donenvy wrote:and decided that I want to move important files to outside of document root.

why?

donenvy wrote:So I need to redirect from htdocs/index.php to test_folder outside of root. How can one achieve this?

You can't. A redirect will trigger a new HTTP request and the destination needs to be requestable.
Depending on the goal there are different solutions.

Altrea wrote:

donenvy wrote:and decided that I want to move important files to outside of document root.

why?

donenvy wrote:So I need to redirect from htdocs/index.php to test_folder outside of root. How can one achieve this?

You can't. A redirect will trigger a new HTTP request and the destination needs to be requestable.
Depending on the goal there are different solutions.

To secure admin folder and files, based on research and questions this seems to be the common route to ensure admin folder files are not visible to outside users.

When you say you can't. is this xampp specific because as far as I can see from actual hosting this is easily achieved?

donenvy wrote:To secure admin folder and files, based on research and questions this seems to be the common route to ensure admin folder files are not visible to outside users.

Putting files outside of DocumentRoot for security is not done by redirects but with php functions.
PHP can work with files outside of DocumentRoot because it is using OS file operations.

donenvy wrote:When you say you can't. is this xampp specific because as far as I can see from actual hosting this is easily achieved?

A redirect to a destination outside of DocumentRoot will not work on hosting environments too, exept there is a route defined which is requestable, like an Apache Alias.
But that has nothing to do with security any more.

So redirecting to outside root is no good idea?

I asked the question here and they said it is recommended, unfortunately I do not understand enough of the limitations to place out side root. I thought i could script it to redirect to a secure area in login script where only I have access to the folder

http://stackoverflow.com/questions/24617799/how-to-secure-admin-folder-php/24619483#24619483

What do you think?

donenvy wrote:So redirecting to outside root is no good idea?

It is a very good idea, but not working the way you think it is.

donenvy wrote:I thought i could script it to redirect to a secure area in login script where only I have access to the folder

As said, there are several ways to secure sensitive data. But a redirect to a not requestable file is not possible.

donenvy wrote:http://stackoverflow.com/questions/24617799/how-to-secure-admin-folder-php/24619483#24619483

If you read carefully you will not find any redirects to not requestable files.
But you will find solutions for php, like include().

Altrea wrote:

donenvy wrote:So redirecting to outside root is no good idea?

It is a very good idea, but not working the way you think it is.

donenvy wrote:I thought i could script it to redirect to a secure area in login script where only I have access to the folder

As said, there are several ways to secure sensitive data. But a redirect to a not requestable file is not possible.

donenvy wrote:http://stackoverflow.com/questions/24617799/how-to-secure-admin-folder-php/24619483#24619483

If you read carefully you will not find any redirects to not requestable files.
But you will find solutions for php, like include().

When they said normal rules apply, I thought that meant it could be used as a directory like a normal directory under root. But if I understand correctly what you are saying is you can only include a file from outside root. So next question would be how do you include a file from a folder called test_folder outside root?

I am using the xampp lite, so the hard drive letter changes all the time?

donenvy wrote:So next question would be how do you include a file from a folder called test_folder outside root?

http://www.php.net/manual/en/function.include.php

donenvy wrote:I am using the xampp lite, so the hard drive letter changes all the time?

include can handle relative paths too

Altrea wrote:

donenvy wrote:So next question would be how do you include a file from a folder called test_folder outside root?

http://www.php.net/manual/en/function.include.php

donenvy wrote:I am using the xampp lite, so the hard drive letter changes all the time?

include can handle relative paths too

Just tried it and it didn't work. It still tries to pick up "test_folder/index.php" from htdocs rather than xampp. Is there a different syntax that needs to be used to pick up the xampp folder instead?

Tried:
include $_SERVER['DOCUMENT_ROOT']."/test_folder/index.php";

Warning: include(F:/xammp/htdocs/test_folder/index.php): failed to open stream: No such file or directory in

donenvy wrote:Tried:
include $_SERVER['DOCUMENT_ROOT']."/test_folder/index.php";

Of course you must proof, that this yields to the right path. You may also use relative or absolute path:

inlucde "/myfiles/test_folder/index.php";

or

include "../test_folder/index.php";

or

include "../myfolder/test_folder/index.php";

etc.