I employ the "cgi_img_auth.php" method of securing the images directory. I
believe the "image_auth.php" method is similar. With this method a .htaccess is
placed in the /images directory containing "Deny from All". Another .htaccess
in the wiki's main directory contains a rewrite rule that takes any requests for
access to the images directory and re-routes it through the cgi_img_auth.php code, which
verifies authentication before allowing access to the images directory. This prevents
unauthenticated users from directly accessing the images files, for example with a direct
url to the image file.
Its not clear to me that with this in place I need to also add the rewrite rule in the
images directory, but if this is still needed, where would I place it?
From: Tim Starling [mailto:email@example.com]
Sent: Thursday, April 14, 2011 11:56 PM
Subject: Re: [Mediawiki-l] MediaWiki security release 1.16.4
On 15/04/11 13:44, jidanni(a)jidanni.org wrote:
Do mention if MW 1.17 or 1.18 sysops need to worry
about any of this.
Yes, the same issue existed in 1.17 and trunk before the release date.
-- Tim Starling
MediaWiki-l mailing list