Hi all,
I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL...
Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives?
You can use imagecache to display images resized and place an .htaccess in the directory with the original file.
In .htaccess add:
Order Deny,Allow Deny from all
On Sat, Oct 1, 2011 at 4:43 PM, Peter Anderson list@panda.id.au wrote:
Hi all,
I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL...
Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives?
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
Hi Liviu,
I've just tried that but it doesn't seem to be working (or I'm doing it wrong)... I added a .htaccess file to the directory where my original photos reside with:
Order Deny,Allow Deny from all
in it.
An example photo can be seen here: http://www.russellphotography.net/sandy-beach You should be able to view this image on its own at this URL: http://www.russellphotography.net/system/files/styles/large/private/photos/P...
This is all good, but it then seems you can still edit the URL to view the original photo: http://www.russellphotography.net/system/files/photos/Panda/sandy_beach_07.j... Shouldn't that last, non-image styled URL be protected by the .htaccess file? ('cause that's what I'm wanting to accomplish...)
Please advise what I'm doing wrong.
On 02/10/11 01:04, Liviu Nicolicioiu wrote:
You can use imagecache to display images resized and place an .htaccess in the directory with the original file.
In .htaccess add:
Order Deny,Allow Deny from all
On Sat, Oct 1, 2011 at 4:43 PM, Peter Andersonlist@panda.id.au wrote:
Hi all,
I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL...
Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives?
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
Some Apache config don't support this file. I know mine doesn't. You can put these lines info Apache config and do a graceful restart.
Could you you check the apache log to see why .htaccess is not used? Or maybe you can contact you need to set apache config to read it.
On Sun, Oct 2, 2011 at 7:03 AM, Peter Anderson list@panda.id.au wrote:
Hi Liviu,
I've just tried that but it doesn't seem to be working (or I'm doing it wrong)... I added a .htaccess file to the directory where my original photos reside with:
Order Deny,Allow Deny from all
in it.
An example photo can be seen here: http://www.russellphotography.net/sandy-beach You should be able to view this image on its own at this URL: http://www.russellphotography.net/system/files/styles/large/private/photos/P...
This is all good, but it then seems you can still edit the URL to view the original photo: http://www.russellphotography.net/system/files/photos/Panda/sandy_beach_07.j... Shouldn't that last, non-image styled URL be protected by the .htaccess file? ('cause that's what I'm wanting to accomplish...)
Please advise what I'm doing wrong.
On 02/10/11 01:04, Liviu Nicolicioiu wrote:
You can use imagecache to display images resized and place an .htaccess in the directory with the original file.
In .htaccess add:
Order Deny,Allow Deny from all
On Sat, Oct 1, 2011 at 4:43 PM, Peter Anderson list@panda.id.au wrote:
Hi all,
I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL...
Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives?
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
-
Dick Hoogendijk -
Liviu Nicolicioiu -
Peter Anderson