Keeping files above web root/directory


I’ve read a few times that for security purposes its best to keep certain files outside of, or above the main web root/directory. I understand the theory behind this but I don’t understand how its done. O.K so I can place the files above the sites root directory but then how do I reference them form with my scripts?



if you’re accessing them from a php script, use relative paths, er something like

/var/www/html/index.php (web directory)
/var/www/importantFile.php (above web directory)

in index.php, you could include that script with:


Thanks. As stupid as it sounds, I didn’t realise you could use relative addressing to above the web root.

I perfer root relative. Plus its easier to set up a base path using root relative.

$root = dirname($_SERVER['DOCUMENT_ROOT']) . '/System/'; # Outside  the public web folder.

require $root . 'foler/file.php';

Yea I was the same, until I started developing on windows systems. Refrencing from Root sometimes makes for a file permissions nightmare.

Erm huh? How does it affect file permissions? If you have the proper setup in your web root and the parent folder then permissions should not be a problem.

I’ve had past problems when using move_uploaded_file() to move a file into the web directory. It wouldn’t allow it if I specified it starting from C:

This was Windows Server 2003 with IIS 6.0

To be honest I never investigated too deeply as to WHY it was happening, once I got it working using relative paths I moved on.

I wouldn’t mess around with relative/absolute for include files.

Adjust php.ini at this line:

; Paths and Directories ;

include_path = "c:\\inetpub\\includes"

From then on you just do this on any script.


PHP then knows where to go looking, so then you don’t worry about it.

Have a read of you PHP.ini file line by line, time well spent :slight_smile: