Hello,
Is there a way to not allow anyone to get to pictures by knowing the filename and the directory it is in? My galleries are only viewable by having to login (no public access). However, if you view it once and know the directory and filename, you can get to it by typing in the url, bypassing the login. Is there a way to prevent that?
Example - if you know the url:
http://xxx.com/albums/userpics/1000x/img001.jpg
You can type it in to view the pictures.
Thanks.
Yes, there is. ;) But it's not coppermine related. Google for hotlink protection.
I found more info but it appears that hotlinking protection via .htaccess is the next best thing at the moment since file access control is not part of the core.
Is this a correct way?
Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?gallery.chipmunkfamily.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Image still viewable - http://gallery.chipmunkfamily.com/albums/Acura%20TSX%20-%20March%202004/etsx01.jpg
I know I'm not doing it right. What is wrong? Appreciate any help I can get. Host does support rewrite - even lists it on the hosting FAQs.
Seems to be working fine for me - I get a 403 Forbidden error.
Hmm... well I initially thought it was the browser cache but I cleared it many times already. ??? Let me try again.
I see how it works now. :( Click on the link and it says forbidden. Copy and paste the URL and you will see the pictures. Any other codes I can put in the .htaccess to disallow that? Please know that I understand the argument of - if you want your pictures to be secure, do not put them on the Internet. With the availability of users and groups, this should not happen.
Thanks.
Remove this line.
RewriteCond %{HTTP_REFERER} !^$
It's not a good solution though. There is nothing you can do about direct linking since it bypasses Coppermine entirely.
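Added example, not part of the original thread: a small Python model of the .htaccess rules posted above, showing which requests get a 403 with and without the RewriteCond %{HTTP_REFERER} !^$ line. The sample requests, the function names and the forum.example referer are constructed for illustration.

```python
import re

# Patterns copied from the thread's .htaccess; [NC] means ignore case.
EMPTY = re.compile(r"^$")
OWN_SITE = re.compile(r"^http://(www\.)?gallery.chipmunkfamily.com", re.I)
IMAGE = re.compile(r"\.(jpg|jpeg|png|gif)$", re.I)


def status(path, referer, keep_empty_referer_cond):
    """Return 403 if the rule set forbids the request, else 200.

    referer is "" when no Referer header is sent, which is how
    mod_rewrite expands %{HTTP_REFERER} in that case.
    """
    if not IMAGE.search(path):           # RewriteRule pattern is tested first
        return 200
    conds = []
    if keep_empty_referer_cond:          # RewriteCond %{HTTP_REFERER} !^$
        conds.append(not EMPTY.search(referer))
    # RewriteCond %{HTTP_REFERER} !^http://(www\.)?gallery... [NC]
    conds.append(not OWN_SITE.search(referer))
    return 403 if all(conds) else 200    # conditions are ANDed; [F] sends 403


# Constructed sample requests: (path relative to the .htaccess, Referer).
IMG = "albums/userpics/1000x/img001.jpg"
REQUESTS = {
    "link clicked on another site": (IMG, "http://forum.example/thread/1"),
    "URL pasted into address bar": (IMG, ""),
    "image shown on a gallery page": (IMG, "http://gallery.chipmunkfamily.com/index.php"),
    "gallery page itself": ("index.php", ""),
}


def compare():
    """Map each sample to (status with posted rules, status with line removed)."""
    return {name: (status(p, r, True), status(p, r, False))
            for name, (p, r) in REQUESTS.items()}


if __name__ == "__main__":
    for name, (posted, removed) in compare().items():
        print(f"{name:32} posted rules: {posted}   line removed: {removed}")
```

The decision takes only the path and the Referer header as input; Coppermine's login state never reaches it. With the line removed, a logged-in visitor whose browser sends no Referer header gets the same 403 as the pasted URL.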
Thank you Nibbler. Removing that line now shows the forbidden page as well when you paste the URL into another browser window. Is this something that will be worked into version 1.6.x? Just curious.
Thanks.
Quote from: w000f on June 15, 2008, 05:01:40 AM
Is this something that will be worked into version 1.6.x?
Next version will be cpg1.5.x, not cpg1.6.x. As Nibbler pointed out, this can not be built into Coppermine, since it bypasses Coppermine. You'd have to store the pics outside of the webroot (one level up) and dynamically generate a temporary copy of the file the legitimate visitor can see that needs to be purged after a certain time if you wanted to accomplish what you're up to. This would cause a huge performance penalty and will make Coppermine very hard to set up and will therefore not go into Coppermine any time soon. This has been discussed in detail in previous threads already, so I won't explain this any further - search the board for details if you want to find out more.
Thank you.
W.