Welcome to WebmasterWorld Guest from

Forum Moderators: ocean10000

Message Too Old, No Replies

Including a file above the root directory.

Is there a way?

6:20 pm on Feb 8, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Dec 3, 2004
votes: 0

My question is simple, though I fear the answer may not be. I have a directory -- called "includes" -- That I want to store (You guessed it!) My include files in. I can do this in the inetpub/wwwroot folder, but then everyone and their brother has the potential to download my include files.. So my question is, can I use the include tag like this:

<!--#include file="d:\inetpub\wwwroot\directory\anotherdir\include.inc"-->

I would think that I could. I used MapPath to get the physical directory, but it won't include files using the absolute path. Only if I do either

<!--#include virtual="include.inc"-->
<!--#include file="../directory/.../include.inc"-->

The fact that it won't allow me to use the absolute path is baffling. Is there something else I could try, to access these files from a higher directory than 'inetpub/wwwroot'? A different way of including? A way to configure IIS to allow the use of absolute paths in include statements? I have exhausted my searches on the web .. I am truly stumpted.

Thanks for your input!

-- Zak

8:04 pm on Feb 8, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 12, 2002
votes: 0

Name your include files include.asp instead of include.inc. This way, they will not be able to see or download your asp code. They'll be presented with html code only.
11:30 pm on Feb 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 24, 2005
votes: 0

<!--#include file="d:\inetpub\wwwroot\directory\anotherdir\include.inc"-->

This should work, are you sure you have the path and permissions set correctly?

11:34 pm on Feb 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
votes: 0

As the aim is to protect the files, rather than to actually include files outside of the webroot, then suggestion defanjos made is quite valid.
So move the files into your web folder, and make them .asp files so you can hide any executable code or parameters etc.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members