[pmwiki-users] Protect uploaded files from direct access?
Ian MacGregor
lists at imacgregor.com
Tue Jun 5 09:22:46 CDT 2007
On Tuesday 05 June 2007 6:58:27 am martin at kerz.org wrote:
> Hi,
>
> I'm looking for a (preferably automated) solution to completely
> protect uploaded files from external access. If I upload a file
> whithin a group that is protected with a password, the file still can
> be accessed externally using the direct path, i.e.
> http://yourhost/pmwiki/uploads/Secretgroup/file.ext
>
> Setting $EnableDirectDownload=0 does only restrict the access from
> within the wiki.
>
> A friend of mine suggested to control the access to the subfolder
> using a .htaccess file. Is there a solution based on that method that
> is known to work?
If you decide to go the .htaccess route, I may be able to help.
I use a .htaccess file in my document root to protect .jpg, .png, .gif
and .bmp files from being directly linked. Here's the contents of
the .htaccess file:
# -- Begin protection --
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://imacgregor.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://imacgregor.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.imacgregor.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.imacgregor.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://www.google.com [R,NC]
# -- End protection --
As you can see, directly linking to (or typing in a browser) a file such as:
http://imacgregor.com/uploads/Gallery/crystal-tux-lt.png will redirect you to
www.google.com.
But, You can see the image by viewing it in my album:
http://imacgregor.com/Gallery/Linux (top row, first image)
I believe this requires mod_rewrite in apache.
I hope this helps.
Ian MacGregor
>
> Moreover, I would love to have an automated protection. Is there a
> recipe for pmwiki to restrict direct acces to uploaded files?
>
> Thanks a lot in advance for your help!
>
> Martin
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
More information about the pmwiki-users
mailing list