open_basedir is a PHP configuration directive that restricts which files PHP can access to a specified directory tree. When enabled, PHP scripts can only open files within the specified directories.
You'll typically see an error like:
Warning: open_basedir restriction in effect. File(/path/to/file) is not within the allowed path(s): (/var/www/:/tmp/) in /path/to/script.php on line X
Option A: php.ini file
open_basedir = "/var/www/:/tmp/"
Option B: .htaccess (for Apache)
php_admin_value open_basedir "/var/www/:/tmp/"
Option C: Virtual Host Configuration
<Directory /var/www/>
php_admin_value open_basedir "/var/www/:/tmp/"
</Directory>
ini_set('open_basedir', null);
If your script needs to access additional directories, add them separated by colons:
open_basedir = "/var/www/:/tmp/:/new/path/"
Modify your code to only access files within allowed paths:
$allowedPath = '/var/www/uploads/';
$filename = basename($_GET['file']); // Prevent directory traversal
$filepath = $allowedPath . $filename;
if (file_exists($filepath)) {
// Process file
}
echo ini_get('open_basedir');
$realpath = realpath($filepath);
if (strpos($realpath, '/var/www/') !== 0) {
die('Access denied');
}
Would you like me to provide more specific solutions for your particular scenario or environment?