[Mediawiki-l] Securing images directory

[Jack D. Pond]

Jim,

See
http://www.mediawiki.org/wiki/Manual:Image_Authorisation
http://www.mediawiki.org/wiki/Manual:%24wgGroupPermissions
http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions
http://www.mediawiki.org/wiki/Extension:Lockdown (and discussion page
attached)



> -----Original Message-----
> From: mediawiki-l-bounces at lists.wikimedia.org 
> [mailto:mediawiki-l-bounces at lists.wikimedia.org] 
> Sent: None
> To: MediaWiki announcements and site admin list
> Subject: [Mediawiki-l] Securing images directory
> 
> I have set up a wiki where the LocalSettings is set to not 
> allow unauthenticated users access except to the Login and 
> Help page via a $wgWhiteListRead setting for those two pages. 
>  This works just fine.
> 
> However, I can go directly to the images directory via the 
> browser and access all content stored there.  For example, if 
> my wiki is stored in the directory /var/www/html/wiki on a 
> machine names wikis.example.com and I have saved images, I 
> can access those images by pointing my browser to 
> http://wikis.example.com/wiki/images.
> 
> I am presented with the directory tree and can access all 
> files saved under the images directory.  I cannot find 
> anything in the archives describing this and how to restrict 
> access.  I plan to try .htaccess but I was wondering if there 
> is a better approach and whether other directories are as 
> unprotected as the images directory from being read by 
> non-logged in users.  Maybe a httpd.conf directive?  
> 
> Any help appreciated.
> 
> -Jim
>