> -----Original Message-----
> From: Daniel Ya˙fffffffffff1ez
[mailto:daniel_wachy84 yahoo.com]
> Sent: Wednesday, September 26, 2007 4:03 AM
> To: usershttpd.apache.org
> Subject: Re: [usershttpd] image folder outside
the
> root....how to access it ?
>
> Thanks for the Info Joshua I will read it and see what
I can
> learn, although I have a couple things to point out.
The
> solution Im looking for was not originally intended to
stop
> hot linking, but simply, just as a way to have pictures
in a
> private folders that could only be accessed by a
specific
> user. Lets say someone uploads a picture to their
private
> page, no body should be able to access that picture but
the
> owner of that picture. without any kind of security
anyone
> can type the picture folder + name and access it like
this
> www.website.com/images/image1.jpg.
It sounds like you are looking for "security" -
ie, password-controlled access. Or, a web application like
coppermine (google for details...)
> And so I started doing
> some research and I have found lots of places and
articles
> that suggest that for my prloblem I should just use a
folder
> outside of the root of my domain.
This would only make sense in the context of a web
application that is fetching the images dynamically (ie,
mapping the dynamic URLs to arbitrary file locations). If
you have a link, post it and I'll have a look...
> The way everyone talks
> about it seems like it should be a simple thing, like
> something that shouldnt be hard. Yet I cant do it. Just
as a
> final note, I have been able to access files outside
the
> root, files like .php by
> using include() to call those files. We where even
able to
> open jpgs as binary and convert them back to jpgs with
some
> php functions.
Yes - that's a PHP application that is handling the request
and reading the files off the disk. This bypasses apache so
can't be emulated by apache config directives.
> Yet we should need to do this for all the
> secure images in my website. I know there has to be
other
> ways to achieve this.
I think you are confusing server-sided web applications,
like PHP, with apache. Apache is just a web server; it gets
files off disks and sends them down the wire. It can also
pass requests to other applications on the server (handlers,
like PHP) and they can get data for it, but they are not
bound by or controlled by the apache config.
You can't do what you want to do with apache alone.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be
ignored.
>
>
>
> ----- Original Message ----
> From: Joshua Slive <joshuaslive.ca>
> To: usershttpd.apache.org
> Sent: Tuesday, September 25, 2007 1:22:16 PM
> Subject: Re: [usershttpd] image folder outside
the
> root....how to access it ?
>
>
> On 9/25/07, Daniel Ya˙fffffffffff1ez
<daniel_wachy84yahoo.com> wrote:
> > Hello everyone, I have been trying to make this
work but so
> far I havent been able to successfully load an image
(or
> other media file) that is in a folder outside the root
of my
> domain. I initially wanted to do this in order to be
able to
> deliver this images from code running inside my serer,
but to
> prevent people from linking directly to the image (or
file)
> using the address bar (example:
> http://ww
w.fakedomain.com/images/image1.jpg).
> >
> > I know it might be possible to achieve this using
an
> .htaccess but I heard they are a little bit unsecure
plus the
> slow down the server. (in the apache website they
reccomend
> not using it).
> >
> > My problem is that whenever I try to link to an
image
> outise the root it simply will not work. For example
lets say
> my fictional root folder is this one:
www/var/public_html/
> and lets just say the index of my website then is this:
> www/var/public_html/index.html now lets just say I
want to
> put my images in a folder located outside the root,
like
> this: www/images/image1.jpg etc. I should be able to
link
> to the image like this from my index.html file:
> ../images/image1.jpg but it doesnt work. Ive tried
several
> combinations but nothing seems to work.
> >
> > My question to you guys is if you know what apache
setting
> needs to be turned on (or off) to enable this? or how
should
> I link to images outside the root.
> >
> > Thanks in advanced and I hope anyone here can help
me
> because I have looked in a lot of places with no
success.
> Thanks again !!!
> >
>
> You've got a fundamental problem here: If the image
file is not
> accessible from the web, then it can't be embedded in
an html page. In
> order for the image to be displayed as part of the html
page, the
> browser makes a separate request for the image that, to
the server,
> looks identical to a request for the image alone (with
the important
> exception of the content of the Referer HTTP request
header). Putting
> the images outside the root is not, in itself, a
problem. You can
> simply use an Alias to map them into the webspace so
they are
> accessible from the web. But this will not help your
direct linking
> problem.
>
> Here's my suggestion: 1. Check to see if you really
have a direct
> linking problem. Is this really causing you serious
problems? Can you
> fix it just by occasionally changing the name of your
image file? 2.
> If you decide you really need to prevent
hotlinking/embedding of your
> images in external pages, use one of the suggestions
here:
> h
ttp://wiki.apache.org/httpd/DisableImageHotLinking
> Note that neither of these require the use of
.htaccess.
>
> Joshua.
>
>
>
>
____________________________________________________________
__
> ______________________
> Moody friends. Drama queens. Your life? Nope! - their
life,
> your story. Play Sims Stories at Yahoo! Games.
> http://sims.yahoo.com/
>
>
------------------------------------------------------------
---------
> The official User-To-User support forum of the Apache
HTTP
> Server Project.
> See <URL:http://htt
pd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribehttpd.apache.org
> " from the digest:
users-digest-unsubscribehttpd.apache.org
> For additional commands, e-mail: users-helphttpd.apache.org
>
This message is for the named person's use only. It may
contain confidential, proprietary or legally privileged
information. No confidentiality or privilege is waived or
lost by any mistransmission. If you receive this message in
error, please notify the sender urgently and then
immediately delete the message and any copies of it from
your system. Please also immediately destroy any hardcopies
of the message. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this
message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail
communications through their networks. Any views expressed
in this message are those of the individual sender, except
where the message states otherwise and the sender is
authorised to state them to be the views of the sender's
company.
------------------------------------------------------------
---------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://htt
pd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribehttpd.apache.org
" from the digest: users-digest-unsubscribehttpd.apache.org
For additional commands, e-mail: users-helphttpd.apache.org
|
