1. Home
  2. PHP
  3. open_basedir restriction message

open_basedir restriction message


When attempting to access a file in PHP, the script will yield a warning similar to:

Warning: fopen(): open_basedir restriction in effect. File(/var/www/myresource) is not within the allowed path(s): 
(/home/virtual/site2/fst:/var/www/html:/usr/local:/usr/bin:/usr/sbin:/etc:/tmp:/proc:/dev:/.socket) in /home/virtual/site2/fst/var/www/html/myfile.php on line 3


This is caused by mistakenly referencing a path within a pivot root inconsistent with PHP. PHP runs with a separate filesystem visibility for high-throughput performance, whereas FTP and control panel access require low-throughput, but heightened security. PHP implements a different security subsystem and different access rights.


Prepend the HTTP Base Prefix value taken from the control panel under AccountSummaryWeb. For example, the following PHP snippet would be corrected as follows:

   // Will yield open_basedir warning
   $key = file_get_contents("/var/www/secret.hash");
   $key = file_get_contents("/home/virtual/site12/fst/var/www/secret.hash");

For convenience, the web server will populate an environment variable named SITE_ROOT that contains the value of HTTP Base Prefix. A better example would be:

   $key = file_get_contents($_SERVER['SITE_ROOT'] . "/var/www/secret.hash");
   // do whatever, $key works!

Just don’t forget too that PHP requires special permissions for write access!

See Also

PHP: Writing to files

Updated on July 8, 2019

Was this article helpful?

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help! If you get an error, visit https://lithiumhosting.com/support instead.
Contact Support