Path traversal attacks are prevented by segregation, that is, by keeping public and private files in different locations.

If public files are on server Alpha, where would you host private files?

On a secure file server Beta

In a secure partition on server Alpha

In the same location on server Alpha

That's right! If public and private files don't exist in the same location, hacking becomes much harder.

Might it be that a secure partition on the same server is okay as well?