On Nov 5, 2007 4:00 PM, Sullivan, James (NIH/CIT) [C] sullivan@mail.nih.gov wrote:
I am presented with the directory tree and can access all files saved under the images directory. I cannot find anything in the archives describing this and how to restrict access. I plan to try .htaccess but I was wondering if there is a better approach and whether other directories are as unprotected as the images directory from being read by non-logged in users. Maybe a httpd.conf directive?
How secure do you need the images? Do you want it so that nobody can access an image without being logged into the wiki, even if they know the file's location/URL? (For this, you would need to use img_auth.php: < http://www.mediawiki.org/wiki/Manual:Image_Authorisation%3E.) Or do you just not want somebody to have access to all your images in directory listing format? For that, you can just disable the display of indexes through httpd.conf or .htaccess (Options -Indexes).