[support] Prevent access to original images
Liviu Nicolicioiu
liviu.nicolicioiu at epoint.ro
Mon Oct 3 08:10:20 UTC 2011
Could you you check the apache log to see why .htaccess is not used?
Or maybe you can contact you need to set apache config to read it.
On Sun, Oct 2, 2011 at 7:03 AM, Peter Anderson <list at panda.id.au> wrote:
> Hi Liviu,
>
> I've just tried that but it doesn't seem to be working (or I'm doing it
> wrong)...
> I added a .htaccess file to the directory where my original photos reside
> with:
>
> Order Deny,Allow
> Deny from all
>
> in it.
>
> An example photo can be seen here:
> http://www.russellphotography.net/sandy-beach
> You should be able to view this image on its own at this URL:
> http://www.russellphotography.net/system/files/styles/large/private/photos/Panda/sandy_beach_07.jpg
>
> This is all good, but it then seems you can still edit the URL to view the
> original photo:
> http://www.russellphotography.net/system/files/photos/Panda/sandy_beach_07.jpg
> Shouldn't that last, non-image styled URL be protected by the .htaccess
> file? ('cause that's what I'm wanting to accomplish...)
>
> Please advise what I'm doing wrong.
>
>
> On 02/10/11 01:04, Liviu Nicolicioiu wrote:
>
> You can use imagecache to display
> images resized and place an .htaccess in the directory with the original
> file.
>
> In .htaccess add:
>
> Order Deny,Allow
> Deny from all
>
>
>
> On Sat, Oct 1, 2011 at 4:43 PM, Peter Anderson <list at panda.id.au> wrote:
>
> Hi all,
>
> I want to allow my users to upload photos from their digital cameras. I
> will use Image Styles to resize and watermark the photos to display in
> galleries, etc. I then want to prevent access to the original,
> full-size, non-watermarked photos; but even using a private file system
> with the directory set outside the web root folder, it seems the
> original photos are still accessible if you know (or can guess) the URL...
>
> Is there any possible way to prevent anyone accessing the original
> photos, but allow full access to the image style derivatives?
>
> --
> Kind regards,
> Peter Anderson.
> http://panda.id.au
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
>
> --
> Kind regards,
> Peter Anderson.
> http://panda.id.au
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
--
regards, mit freundlichen Grüßen, cu stima,
Liviu Nicolicioiu
______________________________
epoint - consulting + development
Vacarescu 7 300182 Timisoara Romania
email: liviu.nicolicioiu at epoint.ro
skype: nicolicioiu.liviu
mobile: +40 / 729/ 063 679
fax: +40 / 256 / 407 147
www.epoint.ro
"reliable solutions. delivered."
______________________________
This message and any attached files are confidential and intended
solely for the addressee(s). Any publication, transmission or other
use of the information by a person or entity other than the intended
addressee is prohibited. If you receive this in error please contact
the sender and delete the material. The sender does not accept
liability for any errors or omissions as a result of the transmission.
More information about the support
mailing list