uploading web file outside doc-root issues I uploaded my file oustside the root directory while leaving only index.php in the public_html here is my directory structure /home/user /myweb_application ----> my uploaded files /access_log /etc /mail /public_htm /public_ftp /tmp /www Here is how i configured it 1: inside /public_html I have index.php with the content as follow <?php require '../myweb_application/web_index.php'; ?> 2: Inside /myweb_application i created 2 files for testing along with web_index.php making it 3 php files web_index.php <html><body> <li> <a href="test1.php">Connect test1</a><br><br> </li> <li> <a href="test2.php">Connect test2</a><br><br> </li> </ul> </body></html> test1.php <html> I am test 1 </html> test2.php <html> I am test 2 </html> Finally, the directory becomes /home/user /myweb_application ----> my uploaded files web_index.php test1.php test2.php /access_log /etc /mail /public_htm index.php /public_ftp /tmp /www when i load the page as http://example.com index.php loads web_index.php from outside the root Look at my problem now when i click on link CONNECT TEST1 of test1.php from web_index.php it says The requested URL /test1.php was not found on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. what could be the problem. is it because test1.php, test2.php is outside the root. can anyone help me
The problem is here:
when i click on link CONNECT TEST1 of test1.php from web_index.php it says The requested URL /test1.php was not found on this server.
In a directory sense you are not in the myweb_application directory. When you go to http://example.com and the index.php file is called, it loads web_index.php via a require/include statement. That does not change the current working directory. You're document root is still set to public_htm.
In order to get index1.php you need to call index1.php from the index.php script. You will probably want to do this via URL params but be warned, do not just pass a url parameter directly into an include/require statement. That is a huge security risk. What you need to do is have a whitelist of available param options. If the params passed in do not match the whitelist then reject it.
Something like this would work: