Jump to content


This topic is now archived and is closed to further replies.


HTTP Root filesystem not secure

Recommended Posts

Hi, I have a problem (I'm using the newest PHP and Apache), I have a few “sub sites” that other people run on my self-hosted server, but a few weeks ago I found a major security risk: any sub-site (HTTPROOT/sub/[site name]) can use PHP to edit/delete/view any other sub-site or any of the main site (HTTPROOT/ICU and HTTPROOT/FOM are the important ones).

I want to be able to set permissions somewhere to only allow scripts in certain folders to go backwards (ie, I want to let the sub-sites go back from HTTPROOT/sub/[site name]/forum to HTTPROOT/sub/[site name], but not allow them to go any further then their sub-site's root).

I know it can be done with a virtual host... but that is not really what I want, I know there must be a better way.

How can I fix this?

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.