I have virtual hosts in the /var/www/site1 and /var/www/site2 folders. I want to restrict access to files outside the document root in an Apache virtual host, i.e. site1 should not be able to access the files of site2.
Right now this script in /var/www/site1 works fine, which is not good:
<?php
// Script under /var/www/site1 that reads a file belonging to site2
$filename = "/var/www/site2/somefile";
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);
echo $contents;
How can I solve this problem, please?
Thank you very much!
This one's a bit trickier than you would think at first. The problem is that once you're running a script, then the script will do whatever it's allowed to do by the operating system. The script will be run by the same user as the Apache web server, and the web server has to be able to read both directories in order to serve web pages for it.
So, in order for your script to not be able to see the other directories, you would need to run it as a different user than the web server. You can do this by using suexec, though of course you need to be careful with setting it up or you can create security problems.
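A check to run once each site's scripts execute under their own user, as the answer suggests (an added example, not part of the original answer): it flags site directories that users outside the owner and group can still enter or list, and sites that share an owner. It assumes one directory per site under a base such as /var/www; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit per-site document roots for cross-site readability.
# Assumed layout (from the question): one directory per site under a base
# such as /var/www, each meant to be owned by its own user.

# Print the numeric owner uid of a path.
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Succeeds if users outside the owner and group can enter or list the dir.
# Without o+x on the site directory, nothing beneath it is reachable by path.
open_to_others() {
    [ -n "$(find "$1" -prune \( -perm -0001 -o -perm -0004 \))" ]
}

# audit_docroots BASE
# One line per site: "OPEN|SHARED|OK <uid> <dir>". Returns 1 on any finding.
audit_docroots() {
    base=$1
    rc=0
    seen=" "
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        uid=$(owner_uid "$dir")
        # Has an earlier site directory had the same owner?
        case "$seen" in *" $uid "*) shared=1 ;; *) shared=0 ;; esac
        if open_to_others "$dir"; then
            echo "OPEN $uid $dir"; rc=1
        elif [ "$shared" -eq 1 ]; then
            echo "SHARED $uid $dir"; rc=1
        else
            echo "OK $uid $dir"
        fi
        seen="$seen$uid "
    done
    return $rc
}

# Run against a base directory when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_docroots "$1"
fi
```

A site directory reported as OK still has to be readable by the web server itself, typically through the directory's group.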