I search and try a lot of thing, but nothing works. My website is in the /var/www/web directory. If I have a php file like this on my website:
we can see the passwd file when I do index.php?page=../../../etc/passwd
But in the configuration file of Apache, I have this:
Deny from all
Options -Includes -Indexes -FollowSymLinks -ExecCGI MultiViews
Allow from all
Why can I go to parent directory when I configure "Deny from all" for /var/www?
So my question is: How to "block" my website into /var/www/web and disallow php to go in parent directory?
Thank all for your response !