KoLi KoLi - 5 months ago 17
Javascript Question

Load files out from ROOT

I wanna create a folder, out of my ROOT dir. Called: 'karaoke'.

My ROOT dir is '/var/www/'.

If i try to load an .mp3 file from this 'karaoke' dir, it cannot find that.

I tried the following codes:

<script>
$( document ).ready(function(){ startFlash('','../karaoke/sample.mp3',''); });
</script>

<script>
$( document ).ready(function(){ startFlash('','/var/karaoke/sample.mp3',''); });
</script>


If the 'karaoke' dir is in the ROOT dir, the following code works:

<script>
$( document ).ready(function(){ startFlash('','karaoke/sample.mp3',''); });
</script>


I dont understand this situation. If anyone can help, pls write a solution.

Thank, KoLi

Answer

That's what the root is for! If any client could simply use ../ notation to break out of your web root, they could call ../../../etc/shadow or ../../apps/secretdatabase or whatever else.

If you want your apache server to be able to serve a directory outside the root, use an alias:

https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias

The Alias directive allows documents to be stored in the local filesystem other than under the DocumentRoot. URLs with a (%-decoded) path beginning with URL-path will be mapped to local files beginning with directory-path. The URL-path is case-sensitive, even on case-insensitive file systems.

Alias "/image" "/ftp/pub/image"

In your case, this would be like:

Alias "/karaoke" "/var/karaoke"