[Mediawiki-l] MediaWiki security release 1.16.4

Platonides Platonides at gmail.com
Sun Apr 17 18:14:37 UTC 2011

Sullivan, James (NIH/CIT) [C] wrote:
> I employ the "cgi_img_auth.php" method of securing the images directory.  I believe the "image_auth.php" method is similar.  With this method a .htaccess is placed in the /images directory containing "Deny from All".  Another .htaccess in the wiki's main directory contains a rewrite rule that takes any requests for access to the images directory and re-routes it through the cgi_img_auth.php code, which verifies authentication before allowing access to the images directory.  This prevents unauthenticated users from directly accessing the images files, for example with a direct url to the image file.  
> Its not clear to me that with this in place I need to also add the rewrite rule in the images directory, but if this is still needed, where would I place it?
> -Jim

I think that you would place it in the main .htaccess (with the
appropiate path), which is the one handling the images/ folder.
I think it would be cleaner if that section was inside the images/ one,

More information about the MediaWiki-l mailing list