[support] Restricting access to images directory
Shai Gluskin
shai at content2zero.com
Sat Mar 19 07:01:04 UTC 2011
Hi Marco,
In D7 you can set the file system to set private files for just some files and not all files. In D6 it is all or nothing so don't use private files in D6.
In D6 you can put a rewrite rule in your Drupal root level .htaccess file. Presumably your setup puts all the images in a subdirectory which you can specify in the rewrite condition.
I use filefield and imagefield. In the field setup you can specify the subdirectory to put the files in which you can then reference in the rewrite condition.
Shai
On Mar 18, 2011, at 8:40 PM, camro15 <camro15 at gmx.de> wrote:
> Hello, I have setup a private image gallery using modules image, image_gallery_access, acl and views. Access control is working well for nodes. But... Knowing the url to the image files of a "private" gallery, it is possible to access images directly, ignoring any rules for node access! This is undermining my efforts to secure private content. What would be the best way to deny access to the files/images directory? I suppose the directory should contain a .htaccess file, but how about its content? TIA Marco
> --
> [ Drupal support list | http://lists.drupal.org/ ]
More information about the support
mailing list