somewhat urgent question - hiding contents in _media

Hi all,

I have made an unpleasant discovery: the contents of _media
on my
dokuwiki are appearing in google searches. I have now moved
the
install to another domain in the root dir with the dokuwiki
default
.htaccess file and a robots.txt file containing: User-agent:
*
Disallow: /_media

I'm in a big hurry to close this hole, and in the quick
searches I did
today and yesterday I didn't find any FAQs on this subject
right away
- sorry if I missed them. Can someone please direct me to
any existing
instructions/FAQs or give me guidance?

Thanks!

Tobias

-- 
Tobias Eigen

Senior Steward - IT
Global Action Networks-Net (GAN-Net)
http://www.gan-net.net

Executive Director
Kabissa - Space for Change in Africa
http://www.kabissa.org
-- 
DokuWiki mailing list - more info at
http://wi
ki.splitbrain.org/wiki:mailinglist

On Fri, 21 Mar 2008 06:57:04 -0700
"Tobias Eigen" <tobiaseigengmail.com> wrote:

> Hi all,
> 
> I have made an unpleasant discovery: the contents of
_media on my
> dokuwiki are appearing in google searches. I have now
moved the
> install to another domain in the root dir with the
dokuwiki default
> .htaccess file and a robots.txt file containing:
User-agent: *
> Disallow: /_media
> 
> I'm in a big hurry to close this hole, and in the quick
searches I did
> today and yesterday I didn't find any FAQs on this
subject right away
> - sorry if I missed them. Can someone please direct me
to any existing
> instructions/FAQs or give me guidance?

I don't see what the problem is? What help do you want?

Andi


-- 
http://www.splitbrain.org

Hi Andi,

It is now possible for unauthenticated people to access all
the
contents of the _media path, including google. This is
disastrous for
us as we have been using the wiki for internal discussions
and
planning. We have namespaces set up to be public, and others
set up to
be private. All content uploaded to the wiki, whatever the
namespace,
is publicly visible.

Maybe I need to phrase the question another way: is it
possible to
block direct access to the _media path, or to verify that
you can only
access certain media if you are authenticated for that
namespace?

Cheers,

Tobias

On Fri, Mar 21, 2008 at 7:42 AM, Andreas Gohr <andisplitbrain.org> wrote:
> On Fri, 21 Mar 2008 06:57:04 -0700
>  "Tobias Eigen" <tobiaseigengmail.com> wrote:
>
>  > Hi all,
>  >
>  > I have made an unpleasant discovery: the contents
of _media on my
>  > dokuwiki are appearing in google searches. I have
now moved the
>  > install to another domain in the root dir with
the dokuwiki default
>  > .htaccess file and a robots.txt file containing:
User-agent: *
>  > Disallow: /_media
>  >
>  > I'm in a big hurry to close this hole, and in the
quick searches I did
>  > today and yesterday I didn't find any FAQs on
this subject right away
>  > - sorry if I missed them. Can someone please
direct me to any existing
>  > instructions/FAQs or give me guidance?
>
>  I don't see what the problem is? What help do you
want?
>
>  Andi
>
>
>  --
>  http://www.splitbrain.org
>



-- 
Tobias Eigen

Senior Steward - IT
Global Action Networks-Net (GAN-Net)
http://www.gan-net.net

Executive Director
Kabissa - Space for Change in Africa
http://www.kabissa.org
-- 
DokuWiki mailing list - more info at
http://wi
ki.splitbrain.org/wiki:mailinglist

Hi,

Are you looking for the Options -Indexes command in a
.htaccess file?
http:/
/httpd.apache.org/docs/1.3/mod/core.html

Regards,
Rebekah
-- 
DokuWiki mailing list - more info at
http://wi
ki.splitbrain.org/wiki:mailinglist

hi folks,

thanks for your quick replies.

>  You're talking about _media - _media is a rewrite
pointing to
>  fetch.php. fetch.php will honor your ACLs when
delivering files, so
>  there are two things to check:
>
>  - are links in google pointing to _media or to
data/media ?
>  - When it is the former, your ACLs are probably not
set up correctly.
>  Remember only namespace ACLs are relevant for media
files. When it is
>  the latter see what Chris said.

It's a file in the _media folder. But perhaps you're right
and the
issue is with the ACLs. I will explore the issue some more
and let you
know what I come up with.

Cheers,

Tobias

On Sun, Mar 23, 2008 at 2:21 PM, Andreas Gohr <andisplitbrain.org> wrote:
> On Sun, 23 Mar 2008 19:06:58 +0000
>  Christopher Smith <chrisjalakai.co.uk> wrote:
>
>  >
>  > On 23 Mar 2008, at 14:54, Tobias Eigen wrote:
>  > > Hi Andi,
>  > >
>  > > It is now possible for unauthenticated
people to access all the
>  > > contents of the _media path, including
google. This is disastrous
>  > > for us as we have been using the wiki for
internal discussions and
>  > > planning. We have namespaces set up to be
public, and others set up
>  > > to be private. All content uploaded to the
wiki, whatever the
>  > > namespace, is publicly visible.
>
>  What Chris said is probably the answer to your real
question hower
>  there is something in you post not matching your
Chris' answer...
>
>  You're talking about _media - _media is a rewrite
pointing to
>  fetch.php. fetch.php will honor your ACLs when
delivering files, so
>  there are two things to check:
>
>  - are links in google pointing to _media or to
data/media ?
>  - When it is the former, your ACLs are probably not
set up correctly.
>  Remember only namespace ACLs are relevant for media
files. When it is
>  the latter see what Chris said.
>
>
>
>  Andi
>
>  --
>  http://www.splitbrain.org
>



-- 
Tobias Eigen

Senior Steward - IT
Global Action Networks-Net (GAN-Net)
http://www.gan-net.net

Executive Director
Kabissa - Space for Change in Africa
http://www.kabissa.org
-- 
DokuWiki mailing list - more info at
http://wi
ki.splitbrain.org/wiki:mailinglist