Use custom root for php backend scipts outside public frontend area for security

There are number of reasons why certain scripts or framework php data may reside outside of public_html. For e.g. CodeIgnitor, etc. Currently there exists custom root feature. This does not help because it maps to public_html (hope I understood correct).

I suggest to have public_html as frontend and one system backend dir outside. The structure would be:

/home/username/web/domain/public_html <----- frontend
/home/username/web/domain/backend <--------- backend

The backend will use open_basedir feature and allow sensitive php scripts like framework to work with frontend of all files under public_html, like themes, assets, css, etc. Then, the backend scripts will be included in backups, etc.

Upload everything to /home/user/web/

And then custom docroot to


it should work fine

Issue with method of above:

Every “software” have their own settings some like larval prefer to use app others src and use public for public data and so on…

Thanks Eris,

Of course, the custom root possibility will allow, like how I suggested:

/home/user/web/ <----- frontend (Custom root)
/home/user/web/ <--------- backend

I still need to learn Hestia and its power. Pooooh, Hestia has grown to such an excellent panel, far beyond VestaCP. I regret not to have transferred to it earlier…


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.