Accessing documents outside the web root in Apache using mod_rewrite
March 2nd, 2009
No comments
I’ve been wanting to keep a CGI script outside my web root (for security), but still serve it on my site.
The problem:
- I’m on a shared host, so I have no access to the server config files (if I did, an ScriptAlias directive would be the move)
- RewriteRule directives in .htaccess files will not serve documents outside the web root
- SSI is not implemented correctly on my server (actually running litespeed), and is recommended for small code insertions anyway.
After days of mailing list and forum posts, always seeming right on the edge of success… Arrrggghhhh!!!!
The solution?
- Put a symbolic link to the script (which does not contain any of the sensitive data) in the directory with the .htaccess file
- In .htaccess:
- Options +SymLinksIfOwnerMatch # tells Apache to follow the link
- RewriteEngine on # enable URL processing via mod_rewrite
- RewriteRule ^(.*)$ scriptname?$1 [T=application/x-httpd-cgi] # pass the path_info requested (everything after the hostname) as a query string to the CGI; and handle it as a CGI script (T=…)
And, voila: script outside web root served!
I hope this saves someone else the frustration!
p.s. the minimum permissions to make this setup work are:
- Script, link and .htaccess: 604
- Script directory: 701
Recent Comments