[pmwiki-users] Protect uploaded files from direct access?
Martin Kerz
martin at kerz.org
Tue Jun 5 14:40:33 CDT 2007
That's exactly what I was looking for. Thanks!
Am 05.06.2007 um 16:06 schrieb Patrick R. Michaud:
> On Tue, Jun 05, 2007 at 03:58:27PM +0200, martin at kerz.org wrote:
>> I'm looking for a (preferably automated) solution to completely
>> protect uploaded files from external access. If I upload a file
>> whithin a group that is protected with a password, the file still can
>> be accessed externally using the direct path, i.e.
>> http://yourhost/pmwiki/uploads/Secretgroup/file.ext
>>
>> Setting $EnableDirectDownload=0 does only restrict the access from
>> within the wiki.
>>
>> A friend of mine suggested to control the access to the subfolder
>> using a .htaccess file. Is there a solution based on that method that
>> is known to work?
>>
>> Moreover, I would love to have an automated protection. Is there a
>> recipe for pmwiki to restrict direct acces to uploaded files?
>
> Try copying the .htaccess file from your wiki.d/ directory into
> the uploads/ directory. It should read
>
> Order Deny,Allow
> Deny from all
>
> This tells the webserver to deny all direct access to files in the
> uploads/ directory. Since PmWiki doesn't use the webserver to
> access the files in uploads/, it will still be able to respond to
> ?action=download requests (after checking authorizations).
>
> Another possibility is to move uploads/ somewhere completely outside
> of the webserver tree, and use $UploadDir to point to this new
> location:
>
> $UploadDir = '/path/to/uploads';
>
> Pm
More information about the pmwiki-users
mailing list