I had never considered this before so I tried wikiurl/images and got a 403 forbidden message - is this sufficient protection for a standard MediaWiki install? (mine is PHP as CGI module)
On 2/25/07, Brion Vibber brion@pobox.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Caplan, Hillel (US - New York) wrote:
Separate question from my last post:
How do you prevent a random person from accessing the images directory directly (i.e. going to www.wiki_url.com/images)?
Block off the images directory through whatever means you like (move it, .htaccess, whatever) and set $wgUploadPath to go through img_auth.php as if it were a directory; that script will mediate access to the files to require a login.
This requires that your web server's PHP configuration support PATH_INFO on PHP. (Some CGI-based configurations or others do not.)
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF4ZytwRnhpk1wk44RAuz3AJ9uQyD86mrJlCyJcjsA9iH/4+jYswCaA3e+ j4IMBrUwfeH97wt/RaBzWtU= =dC6l -----END PGP SIGNATURE-----
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l