For cPanel & WHM version 11.50
(Home >> Security Center >> PHP open_basedir Tweak)
open_basedir tweak limits the user's ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, the /
tmp directory, and some necessary PHP system directories. This helps to protect your system from unauthorized access through PHP.
This security tweak modifies the Apache configuration file, regardless of the PHP handler that you select.
Apache only uses configuration file PHP directives if you select the DSO handler.
- If you configure PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the
open_basedirdirective in the appropriate
php.inifile. Each user requires their own
php.inifiles when you select a PHP handler that is not DSO.
Enable the open_basedir tweak
To enable the
open_basedir tweak, perform the following steps:
- Select the Enable php open_basedir Protection checkbox.
- Select the checkboxes that correspond to the domains that you wish to exclude.
- Click Save.
When you enable the
open_basedir tweak, the system adds PHP directives to each Virtual Host in the
These directives limit users' PHP access to the following directories:
- Apache PHP Request Handling — Learn about the different PHP configurations available with Apache.
- How to Edit Your php.ini File — Learn how to make changes to your
- PHP Security Concepts — Learn how to increase the security of your PHP implementation.