When you run file_get_contents, the user which is reading the ../user_george/index.php file is the same as the web server (www-data) not the owner of the file.
PHP Safe Mode is a solution for this issue, but is deprecated. I'd recommend to check this series for solutions about Security in Shared Hosting.
How can i load some files, say robots.txt, off the reverse proxy box instead of the actual host?
ProxyPass /robots.txt http://someotherserver.com/robots.txt
or
RewriteEngine On
RewriteCond %{REQUEST_URI} .*robots\.txt$ [NC]
RewriteRule (.*) http://otherhost.com/$1 [P]
Would it be wise to allow loading of .htaccess at the proxy box? What about the rewrite rules they proxy boxes have?
This actually shouldn't matter; .htaccess is just an "extended" apache configuration, so each server will handle their own rewrite rules individually. If your configuration allows for the .htaccess file to be read prior to the proxy, both will execute.
Where should i put my rewrite rules? in vhost or in .htaccess? If i allow .htaccess loading from proxy boxes, won't it be problem to have 2 .htaccess? I think only one of that will be loaded.
Pretty much same as above, if you write .htaccess pages that will actually LOAD on both servers, then they will both work independently.
What about reverse proxying sites that are on http as well as https? Do i need some special setup?
No real issues here. Its all server-side so it doesn't change the interaction with the client.
Are there any issues that i should watch out for while creating a reverse proxy? I already know about using mod_proxy_html to correct the links in html files.
nothing that i can think of off the top of my head.
Best Answer
I would imagine it could be done the same way you would protect a normal directory
Then use the htpasswd utility to generate a .htpasswd file