htaccess
Moderator: General Moderators
htaccess
Hi,
I was looking for a solution to a problem that I was facing. I have an web application, and I dont want users to access the images directly using a URL, eg, http://www.site.com/images/pic1.jpg. I checked on google, and they suggest using htaccess file for this with this in the file
"Order deny,allow
deny from all
allow from localhost
"
But this doesnt seem to help, I can yet access the images using the URL.
Can anyone help me with this?
Thanks
I was looking for a solution to a problem that I was facing. I have an web application, and I dont want users to access the images directly using a URL, eg, http://www.site.com/images/pic1.jpg. I checked on google, and they suggest using htaccess file for this with this in the file
"Order deny,allow
deny from all
allow from localhost
"
But this doesnt seem to help, I can yet access the images using the URL.
Can anyone help me with this?
Thanks
you could do it using php instead of .htaccess
something like that will do the trick, very basic but works; not sure why you'd need it though
Code: Select all
<img src="get_img.php?id=3" />Code: Select all
<?
// get_img.php source
$img = $_GET['id'];
$loc = "Location: http://www.domain.com/hidden/images/".$img .".gif";
header($loc);
?>htaccess
Hi,
Thanks for your replies.
We have set up a photo gallery (using Mambo) for our client, it is a paid membership site, where visitors can only access preview galleries but need to subscribe in order to access all the galleries on the site.
We’re having a problem that if people know (or members redistribute) the entire path to each photo, then anyone can access it (without having the required subscription).
Is there a way of securing the photos from direct access?
Thanks
Thanks for your replies.
We have set up a photo gallery (using Mambo) for our client, it is a paid membership site, where visitors can only access preview galleries but need to subscribe in order to access all the galleries on the site.
We’re having a problem that if people know (or members redistribute) the entire path to each photo, then anyone can access it (without having the required subscription).
Is there a way of securing the photos from direct access?
Thanks
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
This obviously needs a lot of improvement, but hopefully you get the idea:
Jcart | fixed code error 
Code: Select all
<img src="get_img.php?name=myimage.jpg" />Code: Select all
<?
$img = preg_replace('/[^a-zA-Z0-9\_\-\.]/', '', $_GET['name']); // filter name to prevent injection
$img = trim($img, '/.'); // don't allow any paths
$img = '/full/path/to/dir/' . $img; // full path to image
if ($user->isSignedIn() && file_exists($img)) {
header("Content-type: image/" . substr($img, -1, 3)); // use file extension for type
readfile($img);
} else {
header("Content-type: image/gif");
readfile('/full/path/to/error.gif');
}
?>(#10850)
Take a look at this thread for a way to do this without modifying established URLs or editing any <img> elements.
htaccess
Thanks for your reply. Did check on the link.
I am assuming that the .htaccess file needs to be in the folder that has the images. And also is the servlet used to display images to authenticated users?
If you can explain the steps, will appreciate it.
Thank you
I am assuming that the .htaccess file needs to be in the folder that has the images. And also is the servlet used to display images to authenticated users?
If you can explain the steps, will appreciate it.
Thank you
Re: htaccess
That would be the easiest way.vivekjain wrote:I am assuming that the .htaccess file needs to be in the folder that has the images. And also is the servlet used to display images to authenticated users?
On the line that is commented check client authority (or similar) add whatever security check you wish to apply to the image, if any.