I have several websites hosted in the same public_html folder of my Linux server.
I want that each folder cannot access the other folders, but only include some specific files.
Here is my server structure:
-> public_html
---> site1 folder
---> site2 folder
---> site3 folder
---> common scripts folder
If for example an hacker breaks site2 I need he cannot list the content of the public_html folder or access and run scripts from the other folders.
But in the same time I also need that for example site2 is able to include and run some specific files included in the “common scripts” folder.
Is it possible to achieve this just with a htaccess rule?
Thanks for the help.
2
Answers
First of all, you cannot achieve this through htaccess.
because if a hacker breaks into a site, then that hacker can have control over the complete server space where the current user-account(the account which hacker pass-through. ex: www user account) have access and permissions.
If you need a complete concrete solution, then create multiple users for your vps server and define access rules and permissions for each users and let their sites deployed into corresponding users space like
This above scenario is simple like a server being virtually splitted and sold to multiple users.
Ex: buying a shared hosting space from godaddy or hostgator
where godaddy virtually separates their server and sell them to multiple users.
each user can view and access their own space only and cannot access other users space eventhough they both reside in the same cloud server
no you can not achieve this just with a htaccess rule
it all depends on php handler, if it is dso or cgi then you can not isolate websites, a simple php shell will be able to access all websites and their data.
FCGI, suPHP or PHP-FPM can be used to run php securely with separate UID for each website.
you can also check chroot