httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dragon <>
Subject Re: [users@httpd] image folder outside the to access it ?
Date Thu, 27 Sep 2007 16:04:50 GMT
Rachel Anderson-Barrios wrote:
> >From the sounds of it, you are required to use a web application to do
>what you want to do.  It doesn't have to be PHP.  You can use cgi
>scripts, ASP, tomcat with java, or ...
>Make a script or a page which will do two things.  First, validate the
>user, check that they are logged in payed, etc.  Second, parses a
>parameter to allow the image to be displayed on the page.  Say, for
>example, the url is ""
>show_picture.cgi will first check that the user exists, if so, will
>display sunset.jpg (from whatever folder sunset.jpg is in).
>Now, you do raise a point, a user could view the source and see the
>exact location of sunset.jpg.  Well, there are a few other
>You don't need your pictures to be in a "images" directory, it can be
>called anything you want.  You could put it under
>""  Once
>a user has viewed a picture, the server in the background can move it to
>a new location.  For this, you may want to keep a database of where the
>pictures are located.
>Another thing you could to is only display your photos through an
>embedded object. For example, make little flash files out of your
>pictures.  Have the flash program check that you are logged in, etc.
>Then you wouldn't need to move them around, or do anything else.
>PS.  This is my initial impression, there are probably many other ways
>to do what you want, but you will need the help of a programed
>application to do so.
---------------- End original message. ---------------------

Actually, this is almost right but not quite.

If you want the files served securely, they should NOT be located 
anywhere within the document root tree.

The script itself would retrieve the file from where it lives outside 
the server root and forward it to the browser. The URL for the image 
would be a call to the CGI script and not a direct link to the image 
itself. CGI is not limited to serving HTML, you can serve any file 
type you want by providing the appropriate content type and 
disposition headers.

For instance, in one of the applications I am working on, there is an 
option for a logged-in user with appropriate privileges to access a 
PDF file. This file is generated on the fly from the database and it 
never resides as an actual file on the file system. You can do the 
same thing with images. They can be stored in a database or anywhere 
on the file system and served solely by the application script.

In short, the application script acts as a proxy to Apache to serve 
the content. Apache simply invokes the script under the CGI mechanism 
and then "gets out of the way" while the script does what it is supposed to do.

Unfortunately, this is no longer really a discussion about Apache and 
is thus drifting off topic. There are many good books and tutorials 
out there on how to write web applications. Those resources are a 
better place to turn at this time than this list.


  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message