Page tree
Skip to end of metadata
Go to start of metadata

This document is for a previous release of cPanel & WHM. To view our latest documentation, visit our Home page.

For cPanel & WHM 11.44

(Home >> Security Center >> PHP open_basedir Tweak)


The open_basedir tweak limits users' ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, /tmp, and some necessary PHP system directories. This protects foreign files from PHP access.


This security tweak modifies the Apache configuration file, regardless of the PHP handler that you have selected.

  • Apache configuration file directives for PHP only take effect if you select the DSO handler. 
  • If you have configured PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the open_basedir directive in the appropriate php.ini file. Users must each have their own php.ini files when they use a PHP handler that is not DSO. 


Enable the open_basedir tweak

To enable the open_basedir tweak, perform the following steps:

  1. Select the Enable php open_basedir Protection checkbox.
  2. Select the domains that you wish to exclude, and disable protection for their files.
  3. Click Save.

open_basedir directives

When you enable the open_basedir tweak, the system adds PHP admin directives to each Virtual Host in the httpd.conf file.

These directives limit users' PHP access to the following directories:



If PHP 4 is compiled into Apache, users can also access the following directories: 


Related documentation