Prevent direct access to images? - Page 2 Prevent direct access to images? - Page 2
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Prevent direct access to images?

Started by Shaar, November 09, 2010, 10:04:25 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Αndré

Seems that your browser, a third-party tool or something else manipulates your referrer. That's what I told you in my first reply ::)

Shaar

Thats great that there is reasoning behind what its doing now, but is there a way around this in the htaccess file?

I tested on an old xp laptop i have.  doesn't work in firefox, but works in IE.  On my main computer, it doesn't work in firefox OR IE.


I'm probably going to assume there isn't a real 'easy' way around this without changing the way the gallery fetches images.

papukaija

Not sure if you can do it with an ip address restriction. But try to look first for the referrer in your firewall's or other security software's settings.

fmk

Hi Guys,

I am newbie + no programmer. Have been using 1.4 for 10 months and now upgraded to 1.5x. You guys do a great Job here.

I have uploaded my family pics and all and want super protect. I have ajdusted the group/user settings, but can't get the .htaccess straight. I read through the forum, but didn't work. I have same issue like Shaar (The guy who started this topic).

Let me explain how my gallery is setup.

Its installed in 'i-gallery' folder under http://khanz.net/ . I created sub-domain after installation of CPG in http://khanz.net/i-gallery, but now I am using redirection from http://igallery.khanz.net to http://khanz.net/i-gallery. Luckily everything works fine as far as the the gallery is concerned.

I tried to use the .htaccess in several ways explained in the forum, it does block Hot Linking, however it blocks CPG from retrieving the images.

1st one that I tried


AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.mysite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com.* [NC]


2nd one that I tried


RewriteEngine on
Rewritecond %{HTTP_HOST} !^www\.mysite\.com
RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]
RewriteRule \.(jpg)$ - [F]


I have tried to place the .htacess file in http://khanz.net/i-gallery/ , in http://khanz.net/i-gallery/albums/ , and in http://khanz.net/i-gallery/albums/myalbum/ folders.

My existing .htaccess file is in /home/khanznet/public_html/, since I have wordpress installed in public_html so I didn't make any changes to that file. Not sure I should post code of that .htaccess file so left it.

Please suggest what would be the best place to save the .htaccess file for my cpg, and what would the code for either redirect to a static Angry Man pic or just blocking the Hot Linking and Index of http://khanz.net/i-gallery/albums/myalbums.

FMK

Love doesn't stop by my door, I am always infatuated with new things.

fmk

Add up....

Currently I'm this .htacces (from CPG FAQs), but I am not sure if its working or not.



SetEnvIfNoCase Referer "^http://www.khanz.net/" locally_linked=1
SetEnvIfNoCase Referer "^http://khanz.net/" locally_linked=1
SetEnvIfNoCase Referer "^http://igallery.khanz.net/" locally_linked=1
SetEnvIfNoCase Referer "^http://khanz.net/i-gallery/" locally_linked=1
SetEnvIf Referer "^$" locally_linked=1
<FilesMatch "\.(gif|png|jpe|jpg|JPG?g)$">
  Order Allow,Deny
  Allow from env=locally_linked
</FilesMatch>


I have placed it on http://khanz.net/i-gallery/albums/

FMK

Love doesn't stop by my door, I am always infatuated with new things.

Αndré

Please have a look at that mod: http://forum.coppermine-gallery.net/index.php/topic,69397.0.html

The thread starter want to contribute a plugin soon.