I'm using XAMPP on Windows 8.1.
I've this in apache config:
DocumentRoot "C:\Users\David\Dropbox\Programming\PHP"
<Directory "C:\Users\David\Dropbox\Programming\PHP">
VHosts:
<VirtualHost *:80>
ServerName http://spedice
DocumentRoot "C:\Users\David\Dropbox\Programming\PHP\Projects_Kuba\Spedice\SczCMS\www"
</VirtualHost>
<VirtualHost *:80>
ServerName http://domaciucetnictvi
DocumentRoot "C:\Users\David\Dropbox\Programming\PHP\Projects_Kuba\DomaciUcetnictvi\www"
</VirtualHost>
But if I try accessing root directory - C or accessing some folder like C:\Program Files etc. It normally works. How can I disable going outside of this folder: C:\Users\David\Dropbox\Programming\PHP?
Fxp:
script.php
<?php
mkdir('../../../../../../folder');
?>
Placed in: C:\Users\David\Dropbox\Programming\PHP\Projects_Kuba\DomaciUcetnictvi\www
Called like: http://domaciucetnictvi/script.php
Thanks!
Try to modify the open_basedir settings in your PHP config (just see Runtime Configuration for further information). This will prevent PHP from accessing directories outside of the definded basedir(s).
---EDIT---
To be a bit more conclusive. You can set open_basedir in your Apache configuration file, php.ini, or in a .htaccess file.
In php.ini, you can do this for example by adding:
open_basedir = "/path/to/first/folder:/path/to/second/folder"
In .htacces you can do it with:
php_flag open_basedir "/path/to/first/folder"
In your Apache config try:
<Directory /docroot1>
php_admin_value open_basedir /path/to/first/folder
</Directory>
<Directory /docroot2>
php_admin_value open_basedir /path/to/second/folder
</Directory>
Related
I'm already using open_basedir to restrict a VirtualHost to a certain directory:
<VirtualHost *:80>
ServerName test.example.com
DocumentRoot /sites/test/www
php_admin_value "open_basedir" "/sites/test/www"
<Directory />
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
How to disable the use of ini_set or exec, but only for this particular VirtualHost (and not for the others)?
You're looking for the disable_functions entry in your php.ini.
So you want a different php.ini for your particular VirtualHost. That could be done via "PHPINIDir"
<virtualhost *:80>
ServerName www.example.com
DocumentRoot /path/to/example.com
PHPINIDir /whatever/path/to/php.ini
</virtualhost>
UPDATE: I removed the example with php_admin_value because, as others have noted in the comments, it wouldn't work with this particular setting. As was discussed here: php_admin_value disable_functions not working ( sorry ... should have looked it up beforehand).
Actually, I downloaded PHP7.2.7 safe thread from PHP's website(php.net) and I don't know if it is possible I can configure PHP to setup a virtualhost like we can do using XAMPP
You can try below configuration:
1) Entry in hosts file as below
127.0.0.1 example.com
2) Set virtual host in httpd-vhosts.conf as below
<VirtualHost *:80>
ServerName example.com
DocumentRoot "/var/www/example/public_html"
ServerAlias quickstart.com
<Directory "/var/www/example/public_html">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
PHP has a built-in web server, but is has limited capability. It does not provide all the configuration options a complete web server does. It does not do VirtualHost.
If you need VirtualHost, you will have to include it as a module inside Apache (or other web server). The module will be global. If your pages in a VirtualHost do not need PHP, PHP remains dormant and does nothing.
PHP isn't a web server, you need to create a VirtualHost in Apache. If you're using Linux, open up httpd.conf or /etc/apache2/sites-enabled/000-default.conf
and enter the following lines.
<VirtualHost *:80>
ServerAdmin admin#example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Make sure to restart your web server/apache in order to these changes to work.
I use VirtualDocumentRoot directive for dynamice virtual hosts on apache,
now my virtualhosts are working well
but wen I check the value of $_SERVER["DOCUMENT_ROOT"]
it still have the value of first DocumentRoot definition
not VirtualDocumentRoot value !
the brief part of my "http.conf" file is:
UseCanonicalName Off
DocumentRoot "/var/www/html"
<VirtualHost *:80>
ServerAdmin admin#localhost
VirtualDocumentRoot "/var/vhosts/%0"
ErrorLog "logs/dynamic-vhosts-error.log"
CustomLog "logs/dynamic-vhosts-access.log" combined
</VirtualHost>
when I run this php code bellow
<?php
echo $_SERVER["DOCUMENT_ROOT"];
?>
I get /var/www/html as result.
If I comment this line
#DocumentRoot "/var/www/html"
the PHP result would be
/etc/httpd/htdocs
But I want the value of $_SERVER["DOCUMENT_ROOT"] be like this:
/var/vhosts/exampleDomain.com
Is there any solution for this?
see http://joshbenner.me/blog/quick-tip-get-proper-document-root-when-using-mod-vhost-alias/
I found a great solution to this in the related apache bug report: Simply add the following line to your apache configuration inside the VirtualDocumentRoot vhost definition:
php_admin_value auto_prepend_file /path/setdocroot.php
Then, create the referenced PHP file, and put set this as its contents:
<?php
$_SERVER['DOCUMENT_ROOT'] = str_replace($_SERVER['SCRIPT_NAME'], '', $_SERVER['SCRIPT_FILENAME']);
Now, every page load has this file executed, which properly sets DOCUMENT_ROOT.
I have a Virtual Host configured in Windows 7. The project is located in C:\project with the following structure:
project
\cache
\configs
\htdocs
\css
\images
\js
\.htaccess
\index.php
\includes
\setup.php
\en.php
\lib
\templates
\templates_c
In my httpd-vhosts.conf, I created a VirtualHost:
<VirtualHost *:80>
DocumentRoot "C:/project/htdocs"
ServerName project.dev
<Directory "C:/project/htdocs">
Options Indexes FollowSymLinks ExecCGI Includes
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
And added 127.0.0.1 project.dev to the C:\Windows\System32\drivers\etc\hosts.
The problem is that I want the htdocs to be the directory from which httpd will serve files but I want to include, with PHP, files, for example, located in the includes directory.
How can I solve this problem? I already tried so many solutions from $_SERVER['DOCUMENT_ROOT'] to Apache Alias and .htaccess tweaking but none have worked so far. There must have be some easy solution. Maybe I'm not understanding quite correctly the concept of DocumentRoot. I just want to emulate the typical server folder public_html/www/htdocs while keeping important files out of the browser/user scope.
This is a VHost I took from my httpd-vhosts.conf. The only extra configuration I made was to get around the 403 I was hitting:
<VirtualHost *:80>
ServerName "Markdown.loc"
ServerAlias "www.Markdown.loc"
DocumentRoot "C:\INTERNAL\PHP\Markdown"
<Directory "C:\INTERNAL\PHP\Markdown">
Options +Indexes
AllowOverride All
</Directory>
</VirtualHost>
All my other VHosts look like this:
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/somesite.loc"
ServerName somesite.loc
ServerAlias www.somesite.loc
</VirtualHost>
If you're simply looking to include something from a dir on the same level as your htdocs though, include("../includes/somefile.php") should work just fine.
If I've got your problem wrong, let me know, and I'll try to help you more.
Set your include path within your virtualhost or .htaccess:
php_value include_path ".;c:/project"
I'm trying to change documentroot on my local windows machine to point at a sub directory below htdocs. I've changed the DocumentRoot location inside httpd.conf along with the Directory location. I've restarted Apache but prinitng out document root with PHP it still points to the default location.
Changes inside httpd.conf:
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/folder_test/website"
<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/folder_test/website">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
When I navigate to http://localhost/folder_test/website I see the following from my PHP output:
C:/Program Files/Apache Software Foundation/Apache2.2/htdocs
My PHP code:
<?php
//Get the document root
$root = getenv("DOCUMENT_ROOT") ;
Echo $root;
?>
I've restarted Apache...What am I missing?
Open the "\conf\extra\httpd-vhosts.conf" file.
Change the
<VirtualHost _default_:80>
DocumentRoot "${SRVROOT}/htdocs"
#ServerName www.example.com:80
</VirtualHost>
section to reflect the desired directory, in your case:
<VirtualHost _default_:80>
DocumentRoot "${SRVROOT}/htdocs/folder_test/website"
#ServerName www.example.com:80
</VirtualHost>
Hey if this is not answered still:
Sometimes when you change document root and other info in httpd.conf it does not reflect that it because the changes you have dont is not saved at all. In notepad++ and diffmerge it does not show that it is not saved on the contrary it shows as saved. Open it in normal notepad and when you try to replace it it says access denied. May be this is because these folder dont have the modification permission for users. Hence for this purpose you need to
Save the changes in a separate file else where with the same name
httpd.conf
Rename http.conf inside your apache root document to
httpd_backup.conf or just delete it.
now copy the new file you have created i.e. httpd.conf to apache
root document.
Go to "Open apache monitor" and restart
clear all cache and cookies in your browser and try again