php - How to set for specific directory open_basedir

Question

I have a directory /htdocs/unsecured and I want to limit whatever is in that directory or its subdirectories from accessing anything outside of that directory. Where and how do I set open_basedir for this directory only?

Answer 1

You can set open_basedir in your Apache configuration file, php.ini, or in a .htaccess file.

I normally set this in an apache config file such as /etc/httpd/conf/httpd.conf.

You will have a directory structure for your current domain/virtual-host and you can add the line directly in there:

<VirtualHost 123.123.123.123:80>
    <Directory /htdocs/unsecured>
        php_admin_value open_basedir "C:/htdocs/unsecured"
    </Directory>
</VirtualHost>

Note: The 123.123.123.123 is the IP address of your domain and this sample block potentially leaves out a lot of data for this configuration only showing what's needed for open_basedir.

In php.ini, you can do this on a much-more general level (and it will be applied to every domain on your server) with:

open_basedir = "/htdocs/unsecured"

In .htaccess, you should be able to use the following (though I haven't tested):

php_value open_basedir "/htdocs/unsecured"

EDIT (Windows path)
Per a comment, you're running xammp on Windows (and not using Virtual Hosts). With this information, I would suggest to put your open_basedir rule in your php.ini file. This should (hopefully) work for you:

open_basedir = "C:xampphtdocsunsecured"

In linux, a : is a field separator. In Windows, the ; is the separator - so this should work, but I am unable to test it personally.