[Mediawiki-l] User access to file upload directory
Brion Vibber
brion at pobox.com
Sat Apr 23 21:38:44 UTC 2005
Dorthe Luebbert wrote:
> is it possible to protect the image directory (the directory where the
> uploaded files are stored) from outside access? I don't want (now) that
> the following links work when accessed by users not logged in:
>
> Media:something.pdf
> image:something.pdf
>
> The links go to
> http://mywiki.de/wiki/images/5/57/something.pdf
> http://mywiki.de/wiki/Bild:somthing.pdf
>
> Did I miss any configure option?
This is not a recommended configuration; MediaWiki is primarily designed
to be used for open sites.
Move your images directory ($wgUploadDirectory) outside the web root on
the filesystem, or use Apache configuration / .htaccess files to forbid
web access to it. Then set $wgUploadPath to point at img_auth.php.
This requires that your PHP setup support PATH_INFO (many CGI
configurations do not) and you need to be in $wgWhitelistRead mode or
else, of course, there wouldn't be a point.
If you just want to hide images, but let pages be viewed, well that
doens't make much sense to me and it probably won't work.
-- brion vibber (brion @ pobox.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
Url : http://lists.wikimedia.org/pipermail/mediawiki-l/attachments/20050423/7606cab8/attachment.pgp
More information about the MediaWiki-l
mailing list