[Mediawiki-l] Securing images directory
Sullivan, James (NIH/CIT) [C]
sullivan at mail.nih.gov
Mon Nov 5 21:00:51 UTC 2007
I have set up a wiki where the LocalSettings is set to not allow
unauthenticated users access except to the Login and Help page via a
$wgWhiteListRead setting for those two pages. This works just fine.
However, I can go directly to the images directory via the browser and
access all content stored there. For example, if my wiki is stored in
the directory /var/www/html/wiki on a machine names wikis.example.com
and I have saved images, I can access those images by pointing my
browser to http://wikis.example.com/wiki/images.
I am presented with the directory tree and can access all files saved
under the images directory. I cannot find anything in the archives
describing this and how to restrict access. I plan to try .htaccess but
I was wondering if there is a better approach and whether other
directories are as unprotected as the images directory from being read
by non-logged in users. Maybe a httpd.conf directive?
Any help appreciated.
-Jim
More information about the MediaWiki-l
mailing list