Textpattern CMS support forum

#1 2014-01-13 11:49:30

monicahu
Member
From: Sydney NSW
Registered: 2009-03-07
Posts: 69

[solved] Protect folders "files" and "images" from directory viewing

According to the installation notes, I have added the .htaccess file to the folder “files” to protect people from directly accessing the contents of this folder.

(1) Can I also do the same to the “images” folder without causing problems for the site? Do I use the same .htaccess file or do the contents need to be custom made for the “images” folder?

(2) We are considering providing an iPhone app for people to download the sermons (audio files). As the “files” folder is now protected by the .htaccess, will this prevent the app from directly accessing the .mp3 files and the meta tags of the .mp3? If so, is there a way to overcome the security issue?

Last edited by monicahu (2014-01-20 10:37:42)


Monica
Life with God is the purpose.

#2 2014-01-13 14:51:54

trenc
Plugin Author
From: ⛵️, currently Göteborg, SE
Registered: 2008-02-27
Posts: 574

Re: [solved] Protect folders "files" and "images" from directory viewing

monicahu wrote #278100:

According to the installation notes, I have added the .htaccess file to the folder “files” to protect people from directly accessing the contents of this folder.

(1) Can I also do the same to the “images” folder without causing problems for the site? Do I use the same .htaccess file or do the contents need to be custom made for the “images” folder?

Nope. You can’t do that. No image will be displayed.

(2) We are considering providing an iPhone app for people to download the sermons (audio files). As the “files” folder is now protected by the .htaccess, will this prevent the app from directly accessing the .mp3 files and the meta tags of the .mp3?

If your iPhone app only downloads the files via /file_download/id/name.mp3, then it’s OK, but with the .htaccess the app can’t go directly into the /files/ directory.

If so, is there a way to overcome the security issue?

Yeah. Don’t use the .htaccess.

trenc

Last edited by trenc (2014-01-13 14:56:29)


Digital nomad, sailing the world on a sailboat: 32fthome.com

#3 2014-01-13 15:05:18

etc
Developer
Registered: 2010-11-11
Posts: 5,393

Re: [solved] Protect folders "files" and "images" from directory viewing

You can still forbid listing of the images directory (www.stpeterseastlindfield.org.au/images/) with the Options -Indexes rule.

#4 2014-01-14 10:41:26

monicahu
Member
From: Sydney NSW
Registered: 2009-03-07
Posts: 69

Re: [solved] Protect folders "files" and "images" from directory viewing

Thank you trenc for the advice.

etc wrote #278105:

You can still forbid listing of the images directory (www.stpeterseastlindfield.org.au/images/) with the Options -Indexes rule.

Is the Options -Indexes rule in Unix?

Last edited by monicahu (2014-01-14 10:43:08)


Monica
Life with God is the purpose.

#5 2014-01-14 11:38:49

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,356

Re: [solved] Protect folders "files" and "images" from directory viewing

If you just want to stop the directory listing, then you could use etc’s suggestion in the .htaccess file, or even this:

Options All -Indexes

…which covers you for subdirectories, too.

Or, if you want a nice easy way to stop access to the directory listing, drop in an index.php file – styled or not – and that will, I believe, work.

Last edited by gaekwad (2014-01-14 11:38:57)

#6 2014-01-20 10:29:01

monicahu
Member
From: Sydney NSW
Registered: 2009-03-07
Posts: 69

Re: [solved] Protect folders "files" and "images" from directory viewing

gaekwad wrote #278135:

Or, if you want a nice easy way to stop access to the directory listing, drop in an index.php file – styled or not – and that will, I believe, work.

I created a blank index.htm file (with the least tags) and placed it in the images directory. I could no longer view the contents using www.mysitedomain/images/. It worked, Pete. Thank you.


Monica
Life with God is the purpose.
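
Added example, not part of any post in this thread: a small audit that walks a web root and reports directories a visitor could still list. It shows the difference between the two fixes discussed above: an `Options -Indexes` rule in .htaccess also covers subdirectories, while a dropped-in index file only covers its own folder. The `INDEX_NAMES` list, the sample folder names and the assumption that the server honours `Options` in .htaccess are illustrative, not taken from the site in question.

```python
import os
import re
import tempfile

# Assumption: the server's DirectoryIndex includes these names (set in the Apache config).
INDEX_NAMES = ("index.html", "index.htm", "index.php")
# An active (uncommented) Options line that turns Indexes off, e.g. "Options -Indexes".
NO_INDEXES = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)


def htaccess_disables_listing(directory):
    """True if directory/.htaccess has an Options line containing -Indexes."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except OSError:
        return False


def listable_dirs(root):
    """Directories (relative to root) with no index file and no inherited -Indexes rule.

    Simplification: a deeper .htaccess that turns Indexes back on is not modelled.
    """
    root = os.path.abspath(root)
    covered, exposed = set(), []
    for current, subdirs, files in os.walk(root):
        subdirs.sort()  # deterministic order
        if os.path.dirname(current) in covered or htaccess_disables_listing(current):
            covered.add(current)  # the rule also applies to every subdirectory
        elif not any(name in files for name in INDEX_NAMES):
            exposed.append(os.path.relpath(current, root).replace(os.sep, "/"))
    return exposed


def build_sample_tree(root):
    """Constructed layout: one folder guarded by an index file, one by a rule."""
    for d in ("images/thumbs", "gallery/2014"):
        os.makedirs(os.path.join(root, d))
    for rel, text in (("index.php", ""), ("images/index.htm", "<html></html>"),
                      ("gallery/.htaccess", "Options -Indexes\n")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(listable_dirs(tmp))
```

On the constructed tree only `images/thumbs` is reported: the index file in `images/` does not protect the subfolder beneath it.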
