Prevent direct access to images?

Shaar · November 09, 2010, 10:04:25 AM

I have it set up now so that users can only view thumbnails unless I move the user account to a group named 'PAID MEMBERS'. Well, I noticed a little problem with this. I can right click and view source, scroll down to the thumbnail path, and remove the word thumb and the images are all fully accessible this way. Is there a way to prevent direct access to the images without viewing each image on the pages and albums directly on the site? I'd prefer this to be blocked completely for ALL users even admins.

Thanks a million!

Αndré · November 09, 2010, 12:24:20 PM

That has been discussed here before and is possible with an appropriate .htaccess rule that checks the referrer. But that's neither 100% secure nor works for all your visitors (especially people with pseudo security software that hides the referrer). Maybe it's possible if you use everywhere the readfile function instead of accessing images directly.

Shaar · November 09, 2010, 04:10:30 PM

The .htaccess file is a route I would like to take. I found a couple different lines of code on here and online and i added it to the .htaccess file and when I do that, none of the images work even when logged in. I also had it redirect the images to a single default image, but it replaced all the images on my gallery with that default image.

What would be the proper way to block external image use using .htaccess? But still allowing access when viewing the photo through the gallery pages?

Αndré · November 09, 2010, 05:00:49 PM

Something like that should work.

Shaar · November 09, 2010, 05:08:40 PM

I tried that initially before posting this and it blocks everything with those file types even when viewing them from the gallery.

Nibbler · November 09, 2010, 05:26:40 PM

You need to change mydomain.com to the allowed domain. Post your .htaccess file.

Shaar · November 09, 2010, 05:28:35 PM

Here is my .htaccess file:

Code Select

RewriteEngine on
Rewritecond %{HTTP_HOST} !^www\.5glibrary\.com
RewriteRule (.*) http://www.5glibrary.com/$1 [R=301,L]
RewriteRule \.(jpg)$ - [F]

Αndré · November 09, 2010, 06:28:32 PM

You have to check for %{HTTP_REFERER} as described in the tutorial. You cannot just copy the last line

Try to replace

Code Select

RewriteRule \.(jpg)$ - [F]
with

Code Select

RewriteCond %{HTTP_REFERER} !^http://www\.5glibrary\.com/.*$ [NC]
RewriteRule \.(jpg)$ - [F]

Shaar · November 09, 2010, 06:50:05 PM

Thank you. I will try it when I get home. I need to learn more about this sort of thing. Even though it can be outlined in a tutorial I am very apt to overlook terms and key instructions.

I will let you know if it works. Thanks again!

Shaar · November 09, 2010, 10:16:00 PM

I just tried it and I still have the same problem. It will block the image from directly typing the path in the address bar, but it also prevents images from being viewed on the gallery pages.

Αndré · November 10, 2010, 11:37:13 AM

Quote from: Shaar on November 09, 2010, 10:16:00 PM
I just tried it and I still have the same problem. It will block the image from directly typing the path in the address bar, but it also prevents images from being viewed on the gallery pages.

Cannot confirm on my local testbed. This is my entire .htaccess file:

Code Select

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://localhost:88/.*$ [NC]
RewriteRule \.(jpg)$ - [F]

I can view images in the gallery, but cannot access them directly.

Stramm · November 10, 2010, 12:16:24 PM

mod_rewrite needs to be enabled. Talk to your host if that's true for your account.

Shaar · November 10, 2010, 02:10:55 PM

I just sent a help ticket to my host asking about the mod rewrite issue. Thanks guys. I will update as this progresses!

Shaar · November 10, 2010, 02:27:54 PM

Got a fast response from them. Here was their reply:

QuoteMod_rewrite is not enabled because this server does not use Apache. However, the rewriting capability is most certainly active. You can activate it for your domain via the .htaccess with the following two lines. You may still need to turn on rewrites via your CMS however.

Options +FollowSymLinks
RewriteEngine on

Let us know if you have any further questions and we would be glad to help. Thank you.

Shaar · November 10, 2010, 02:30:50 PM

And I just tried adding the options line to the .htaccess and it still doesn't display images in the gallery

sadface

Αndré · November 10, 2010, 02:57:07 PM

Please fill your existing .htaccess file with only that content

Code Select

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www\.5glibrary\.com/.*$ [NC]
RewriteRule \.(jpg)$ - [F]

and access your website with the leading 'www.'. If that doesn't work, we cannot do anything for you.

Αndré · November 10, 2010, 02:58:14 PM

Maybe it's a client-side issue?

Quote from: Αndré on November 09, 2010, 12:24:20 PM
nor works for all your visitors (especially people with pseudo security software that hides the referrer).

Please report if you have replaced your .htaccess file, so we can also test.

Shaar · November 10, 2010, 03:01:58 PM

I just replaced it with what you recommended. No change here still.

www.5glibrary.com

Αndré · November 10, 2010, 03:07:56 PM

Works as expected for me. See attached screenshot.

Shaar · November 10, 2010, 03:11:16 PM

That is very odd. I tried clearing my internet history here just in case, and tried both IE and firefox and I just get red x's in IE and just the file name in firefox. Very very strange.

coppermine-gallery.com/forum

News:

Prevent direct access to images?

Shaar

Αndré

Shaar

Αndré

Shaar

Nibbler

Shaar

Αndré

Shaar

Shaar

Αndré

Stramm

Shaar

Shaar

Shaar

Αndré

Αndré

Shaar

Αndré

Shaar