The document root is the base directory of a Web server's document tree. Web users have access to this directory and all sub-directories beneath it, but not to any peer or parent directories. A document root should not be the main root directory of a drive. A document root should be at least one sub-directory away from a drive's root directory.
For example, the document root of the HTML for Dummies Web site is http://www.outer.net/html4dum. This directory is actually /www/httpdocs/html4dum, three sub-directory levels away from the main root. When a user accesses the HTML for Dummies site, only those directories below the html4dum directory are accessible from those pages.
Using permission levels to allow world access to a Web site's document root and specialized access to any parents of that document root is one method of securing a Web server.
Document root is also an environmental variable for Web servers which defines the path and location of the Web documents. This designation is important for creating a secure Web server. All requests for documents or resources outside of the defined document root are ignored and refused by the server. For example:
DocumentRoot /www/docs/
might be a document root variable definition for the NCSA HTTP server.
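The confinement rule described above, sketched as an added example (not code from the NCSA server or from this page): a request path is mapped under the document root, and anything whose final location lies outside it is refused. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_under_docroot(docroot, request_target):
    """Return the real filesystem path for a request, or None if it escapes docroot."""
    root = os.path.realpath(docroot)
    # Drop the query string, then percent-decode once so %2e%2e is seen as "..".
    url_path = unquote(request_target.split("?", 1)[0])
    if "\x00" in url_path:
        return None
    # lstrip("/") keeps os.path.join from treating the URL path as absolute.
    candidate = os.path.realpath(os.path.join(root, url_path.lstrip("/")))
    # realpath has collapsed ".." and followed symlinks; compare final locations
    # component by component so /www/docs-old is not mistaken for /www/docs.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def build_sample_tree():
    """Constructed sample: <tmp>/www/docs is the document root, <tmp>/www/private a peer."""
    base = tempfile.mkdtemp()
    docs = os.path.join(base, "www", "docs")
    private = os.path.join(base, "www", "private")
    os.makedirs(os.path.join(docs, "sub"))
    os.makedirs(private)
    for path in (os.path.join(docs, "index.html"), os.path.join(private, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("sample\n")
    # A symlink inside the document root that points at the peer directory.
    os.symlink(private, os.path.join(docs, "link"))
    return docs

if __name__ == "__main__":
    docroot = build_sample_tree()
    for target in ("/index.html", "/sub/../index.html", "/../private/secret.txt",
                   "/%2e%2e/private/secret.txt", "/link/secret.txt"):
        result = resolve_under_docroot(docroot, target)
        print(f"{target:32} -> {'served' if result else 'refused'}")
```

The check is made on the resolved path rather than on the request string, which is why the encoded and symlinked forms are refused along with the plain parent-directory one.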