The Wiki I run is only for authorized users and requires authentication for access to *all* pages. But, one area that slipped in under my radar is the images directory. Has anyone done any work in the area of protecting that directory with HTTP AUTH and tying it in with MediaWiki authentication? Or, create an extension that will catch [[Media:]] links and serve the images/documents via PHP instead of linking directly to the iamges directory?
Dan
Dan Davis wrote:
The Wiki I run is only for authorized users and requires authentication for access to *all* pages. But, one area that slipped in under my radar is the images directory.
$wgUploadPath = "/path/to/img_auth.php";
Keep your physical image directory hidden away somewhere.
Requires that PATH_INFO work on the server (eg, if using PHP as CGI you may have to configure it appropriately. Try a google search for whatever necessary documentation for your combination of web server and PHP.)
(Note that img_auth.php is a little funky; $wgWhitelistRead needs to be set, I think.)
-- brion vibber (brion @ pobox.com)
On 11/16/06, Brion Vibber brion@pobox.com wrote:
Dan Davis wrote:
The Wiki I run is only for authorized users and requires authentication
for
access to *all* pages. But, one area that slipped in under my radar is
the
images directory.
$wgUploadPath = "/path/to/img_auth.php";
Well! Won't you look at that?! That worked like a charm. A quick 'Deny' in an .htaccess and Alias in httpd.conf, and I have the directory protected without breaking any of my users' bookmarks!
Thanks Brion.
Dan
mediawiki-l@lists.wikimedia.org