[Mediawiki-l] Blocking Access to Images

Caplan, Hillel (US - New York) hcaplan at deloitte.com
Mon Feb 26 07:39:36 UTC 2007 

I created an .htaccess file which forwards all the direct queries to the
images directory to the main web page, and set the $wgUploadPath
variable to go through img_auth.php as advised ($wgUploadPath =
"$wgScriptPath/img_auth.php";). I tested, and I am able to upload a file
via the wiki, and have verified that the test file is in the directory
that the wiki site said it is in, but I am not able to view the file in
the wiki site. When I click on a link to the file on the image
description page in the wiki, I get an error (Access denied. You need to
log in to access files on this server.) Any suggestions?

------------------------------

Message: 3
Date: Sun, 25 Feb 2007 06:26:53 -0800
From: Brion Vibber <brion at pobox.com>
Subject: Re: [Mediawiki-l] Blocking Access to Images
To: MediaWiki announcements and site admin list
	<mediawiki-l at lists.wikimedia.org>
Message-ID: <45E19CAD.9070803 at pobox.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Caplan, Hillel (US - New York) wrote:
> Separate question from my last post:
> 
> How do you prevent a random person from accessing the images directory
> directly (i.e. going to www.wiki_url.com/images)? 

Block off the images directory through whatever means you like (move it,
.htaccess, whatever) and set $wgUploadPath to go through img_auth.php as
if it were a directory; that script will mediate access to the files to
require a login.

This requires that your web server's PHP configuration support PATH_INFO
on PHP. (Some CGI-based configurations or others do not.)

- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF4ZytwRnhpk1wk44RAuz3AJ9uQyD86mrJlCyJcjsA9iH/4+jYswCaA3e+
j4IMBrUwfeH97wt/RaBzWtU=
=dC6l
-----END PGP SIGNATURE----- 


This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law.  If you are not the intended recipient, you should delete this message. 


Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. [v.E.1]

More information about the MediaWiki-l mailing list