Prevent access to original images
Hi all, I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL... Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives? -- Kind regards, Peter Anderson. http://panda.id.au
You can use imagecache to display images resized and place an .htaccess in the directory with the original file. In .htaccess add: Order Deny,Allow Deny from all On Sat, Oct 1, 2011 at 4:43 PM, Peter Anderson <list@panda.id.au> wrote:
Hi all,
I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL...
Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives?
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
Hi Liviu, I've just tried that but it doesn't seem to be working (or I'm doing it wrong)... I added a .htaccess file to the directory where my original photos reside with: Order Deny,Allow Deny from all in it. An example photo can be seen here: http://www.russellphotography.net/sandy-beach You should be able to view this image on its own at this URL: http://www.russellphotography.net/system/files/styles/large/private/photos/P... This is all good, but it then seems you can still edit the URL to view the original photo: http://www.russellphotography.net/system/files/photos/Panda/sandy_beach_07.j... Shouldn't that last, non-image styled URL be protected by the .htaccess file? ('cause that's what I'm wanting to accomplish...) Please advise what I'm doing wrong. On 02/10/11 01:04, Liviu Nicolicioiu wrote:
You can use imagecache to display images resized and place an .htaccess in the directory with the original file.
In .htaccess add:
Order Deny,Allow Deny from all
On Sat, Oct 1, 2011 at 4:43 PM, Peter Anderson<list@panda.id.au> wrote:
Hi all,
I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL...
Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives?
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Kind regards, Peter Anderson. http://panda.id.au
Some Apache config don't support this file. I know mine doesn't. You can put these lines info Apache config and do a graceful restart. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Could you you check the apache log to see why .htaccess is not used? Or maybe you can contact you need to set apache config to read it. On Sun, Oct 2, 2011 at 7:03 AM, Peter Anderson <list@panda.id.au> wrote:
Hi Liviu,
I've just tried that but it doesn't seem to be working (or I'm doing it wrong)... I added a .htaccess file to the directory where my original photos reside with:
Order Deny,Allow Deny from all
in it.
An example photo can be seen here: http://www.russellphotography.net/sandy-beach You should be able to view this image on its own at this URL: http://www.russellphotography.net/system/files/styles/large/private/photos/P...
This is all good, but it then seems you can still edit the URL to view the original photo: http://www.russellphotography.net/system/files/photos/Panda/sandy_beach_07.j... Shouldn't that last, non-image styled URL be protected by the .htaccess file? ('cause that's what I'm wanting to accomplish...)
Please advise what I'm doing wrong.
On 02/10/11 01:04, Liviu Nicolicioiu wrote:
You can use imagecache to display images resized and place an .htaccess in the directory with the original file.
In .htaccess add:
Order Deny,Allow Deny from all
On Sat, Oct 1, 2011 at 4:43 PM, Peter Anderson <list@panda.id.au> wrote:
Hi all,
I want to allow my users to upload photos from their digital cameras. I will use Image Styles to resize and watermark the photos to display in galleries, etc. I then want to prevent access to the original, full-size, non-watermarked photos; but even using a private file system with the directory set outside the web root folder, it seems the original photos are still accessible if you know (or can guess) the URL...
Is there any possible way to prevent anyone accessing the original photos, but allow full access to the image style derivatives?
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Kind regards, Peter Anderson. http://panda.id.au
-- [ Drupal support list | http://lists.drupal.org/ ]
-- regards, mit freundlichen Grüßen, cu stima, Liviu Nicolicioiu ______________________________ epoint - consulting + development Vacarescu 7 300182 Timisoara Romania email: liviu.nicolicioiu@epoint.ro skype: nicolicioiu.liviu mobile: +40 / 729/ 063 679 fax: +40 / 256 / 407 147 www.epoint.ro "reliable solutions. delivered." ______________________________ This message and any attached files are confidential and intended solely for the addressee(s). Any publication, transmission or other use of the information by a person or entity other than the intended addressee is prohibited. If you receive this in error please contact the sender and delete the material. The sender does not accept liability for any errors or omissions as a result of the transmission.
participants (3)
-
Dick Hoogendijk -
Liviu Nicolicioiu -
Peter Anderson