-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Caplan, Hillel (US - New York) wrote:
Separate question from my last post:
How do you prevent a random person from accessing the images directory directly (i.e. going to www.wiki_url.com/images)?
Block off the images directory through whatever means you like (move it, .htaccess, whatever) and set $wgUploadPath to go through img_auth.php as if it were a directory; that script will mediate access to the files to require a login.
This requires that your web server's PHP configuration support PATH_INFO on PHP. (Some CGI-based configurations or others do not.)
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)