-----Original Message-----
From: mediawiki-l-bounces(a)lists.wikimedia.org
[mailto:mediawiki-l-bounces@lists.wikimedia.org]
Sent: None
To: MediaWiki announcements and site admin list
Subject: [Mediawiki-l] Securing images directory
I have set up a wiki where the LocalSettings is set to not
allow unauthenticated users access except to the Login and
Help page via a $wgWhiteListRead setting for those two pages.
This works just fine.
However, I can go directly to the images directory via the
browser and access all content stored there. For example, if
my wiki is stored in the directory /var/www/html/wiki on a
machine names
wikis.example.com and I have saved images, I
can access those images by pointing my browser to
http://wikis.example.com/wiki/images.
I am presented with the directory tree and can access all
files saved under the images directory. I cannot find
anything in the archives describing this and how to restrict
access. I plan to try .htaccess but I was wondering if there
is a better approach and whether other directories are as
unprotected as the images directory from being read by
non-logged in users. Maybe a httpd.conf directive?
Any help appreciated.
-Jim