Thanks Bob, Got a 404: File not Found. Checked the ssl_error_log as suggested, and found a rather interesting entry:
"No such file: /var/www/html/var/www/secure/test.php" Obviously it's goes to DOCUMENT_ROOT (pre-pending the/var/www/html) and adds what I've asked for. So, how do I tell it where to look, and not the default setting? How am I including them? Well, most of the action occurs from the menu so it's: <a href="https://localhost/var/www/secure/test.php";>Testing for Bugs</a> (I've also tried /secure/test.php Any ideas what I'm messing up? Tioa, Andre On Wednesday 21 August 2002 09:26 pm, Bob Irwin wrote: > Usually the first thing you want to do here is check your error log. Most > of the time, this sort of thing will be a permissions problem, as the > apache server runs the PHP scripts as a user (ie you), that user needs to > have the ability to execute those files. If you aren't sure, make the file > owner you and give the files 777 and work backwards from there. Don't > forget to check the directory permissions as well as the file permissions. > From a hosting point of view, its different and a little more complicated > if you have multiple users on the server, if it's just you though, it makes > it a little easier. Take note of what the file permissions/ownership are > befor eyou change them (in case this isn't the problem). > > Another simple things to check - make sure you're using the full path, ie, > /var/www/secure/filename.php > > How are you including them? I use a > > require("/pathtofile/filename.php"); > > Works for me assuming I have the right permissions. > > Best Regards > Bob Irwin > Server Admin & Web Programmer > Planet Netcom > ----- Original Message ----- > From: "Andre Dubuc" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, August 22, 2002 11:19 AM > Subject: [PHP] Further Security Clarifications [was: Simple Security > Clarifcation] > > > My main files are located in /var/www/html (the 'DOCUMENT_ROOT' in > > Apache, according to php.ini). All sensitive files have been moved to > > '/var/www/secure', but now I can't access them! (According to php.ini, > > the PHP core 'doc_root=none'). > > > > I'm totally confused. If I understand this correctly, I want the files in > > '/var/www/secure' to be served through php scripts that reside in the > > individual files that call them up in /var/www/html. So, the problem > > seems > > to > > > be that either Apache or PHP doesn't know/can't access them. So, what am > > I doing wrong here? > > > > I've also added a <FILes ~"\.sht$"> directive to refuse all .sht files > > (they're .inc's). How do get access for php to the secure file directory, > > and > > > exclude the hackers? > > > > At this point, I'm about as confused as I've ever been since beginning > > PHP. > > > Any clarifications that will guide back into the fold, will be greatly > > appreciated! > > > > Tia, > > Andre > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > Scanned by PeNiCillin http://safe-t-net.pnc.com.au/ > > > > Scanned by PeNiCillin http://safe-t-net.pnc.com.au/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
