Linking To Folders Outside Of Public_html

[savage3e]

I hope this is the proper forum for asking this.

 

I'm hosting a website that wants to have a rather large collection of php scripts that run their site (including the index.php) located outside of the public_html folder to ensure that nobody gets at them. They would like that index.php file called up when a browser hits the public_html.

 

Is this possible? Does this make sense? How can I do this?

 

Thanks in advance.

[MikeJ]

I'm hosting a website that wants to have a rather large collection of php scripts that run their site (including the index.php) located outside of the public_html folder to ensure that nobody gets at them.  They would like that index.php file called up when a browser hits the public_html.

 

Is this possible?  Does this make sense?  How can I do this?

They have to be accessible via public_html directory tree (or at least accessible to the webserver) to be executed/displayed through the webserver, so there's really no difference if they are actually there, or linked from there.

 

About the only exception would be if all of the PHP scripts were used via includes in files that were in public_html.

 

I honestly think they are probably asking for a level of complexity that will buy them no level of additional security unless there's some additional part of the request that isn't being stated. If the php scripts are in the public_html directory, people still cannot access them as source (they will be processed before ever being delivered via the webserver).

[savage3e]

I honestly think they are probably asking for a level of complexity that will buy them no level of additional security unless there's some additional part of the request that isn't being stated.

Sounds like. This is what they instructed:

 

It is now necessary for you to make your BBWM installation web-accessible. You should create a virtual web host that points to the htdocs/ directory, or create a link from a currently accessible directory to the htdocs/ directory. It is very important that web users are not allowed access to the webs/ directory, as they will be able to read your config.php file that contains your database authentication information. This is easily accomplished by moving your BBWM installation to a private location and creating a link to the web/ directory from a publicly accessible directory. For example:

 

$ cd

$ pwd

/home/eshin

$ ls -dp nuffle*

nuffle-1.0/

$ cd public_html/

$ pwd

/home/eshin/public_html

$ ln -s ../nuffle-1.0/webs/htdocs nuffle

 

You can also create a virtual web host with the htdocs/ directory as the root. Don't forget to make sure the web server has read permission on these directories.

 

Does this help at all? Or is it still simply best to link to their index.php from public_html?

 

Thanks for the quick reply.

[MikeJ]

Ahh, ok.... there are directories within the tree that shouldn't be accessible. Yea, it makes a lot more sense now.

 

Yea, that should be possible to set it up that way, but I believe you'll need to submit a help desk ticket to have that link created since File Manager (or ftp for that matter) I'm pretty sure doesn't have the ability to create symbolic links.

 

Try to be as descriptive as possible about what you need setup when you submit the ticket.

[savage3e]

Great. I'll do that. Thanks Mike!

[savage3e]

Okay. So I've had Jacob in Tech Support make the changes I've requested. And now when I go to the URL in question (http://glenburnie.owgl.net) I can see the symbolic link to "index.php" show up in the "Index of /" page, but the "index.php" doesn't actually do anything. In fact, even when I select it, or manually enter it as the URL, nothing happens. I checked permissions on the folders and files the symbolic link points to (755, 755, 755, 644 respectively) and they're all the same as when I tested this inside the public_html.

 

Any clue what I'm doing wrong?

[MikeJ]

Yea, I'm pretty sure I know what is going on. If you PM me an IM contact, or IM me in a few hours (when I'm home and have more time to look into it), I should be able to help you figure it out if you haven't by then.