httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] image folder outside the root....how to access it ?
Date Wed, 26 Sep 2007 06:25:48 GMT
> -----Original Message-----
> From: Daniel Ya├┐fffffffffff1ez [mailto:daniel_wachy84@yahoo.com] 
> Sent: Wednesday, September 26, 2007 4:03 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] image folder outside the 
> root....how to access it ?
> 
> Thanks for the Info Joshua I will read it and see what I can 
> learn, although I have a couple things to point out. The 
> solution Im looking for was not originally intended to stop 
> hot linking, but simply, just as a way to have pictures in a 
> private folders that could only be accessed by a specific 
> user. Lets say someone uploads a picture to their private 
> page, no body should be able to access that picture but the 
> owner of that picture. without any kind of security anyone 
> can type the picture folder + name and access it like this 
> www.website.com/images/image1.jpg. 

It sounds like you are looking for "security" - ie, password-controlled access. Or, a web
application like coppermine (google for details...) 

> And so I started doing 
> some research and I have found lots of places and articles 
> that suggest that for my prloblem I should just use a folder 
> outside of the root of my domain. 

This would only make sense in the context of a web application that is fetching the images
dynamically (ie, mapping the dynamic URLs to arbitrary file locations). If you have a link,
post it and I'll have a look...

> The way everyone talks 
> about it seems like it should be a simple thing, like 
> something that shouldnt be hard. Yet I cant do it. Just as a 
> final note, I have been able to access files outside the 
> root, files like .php by
>  using include() to call those files. We where even able to 
> open jpgs as binary and convert them back to jpgs with some 
> php functions.

Yes - that's a PHP application that is handling the request and reading the files off the
disk. This bypasses apache so can't be emulated by apache config directives. 

> Yet we should need to do this for all the 
> secure images in my website. I know there has to be other 
> ways to achieve this. 

I think you are confusing server-sided web applications, like PHP, with apache. Apache is
just a web server; it gets files off disks and sends them down the wire. It can also pass
requests to other applications on the server (handlers, like PHP) and they can get data for
it, but they are not bound by or controlled  by the apache config.

You can't do what you want to do with apache alone.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 



> 
> 
> 
> ----- Original Message ----
> From: Joshua Slive <joshua@slive.ca>
> To: users@httpd.apache.org
> Sent: Tuesday, September 25, 2007 1:22:16 PM
> Subject: Re: [users@httpd] image folder outside the 
> root....how to access it ?
> 
> 
> On 9/25/07, Daniel Ya├┐fffffffffff1ez <daniel_wachy84@yahoo.com> wrote:
> > Hello everyone, I have been trying to make this work but so 
> far I havent been able to successfully load an image (or 
> other media file) that is in a folder outside the root of my 
> domain. I initially wanted to do this in order to be able to 
> deliver this images from code running inside my serer, but to 
> prevent people from linking directly to the image (or file) 
> using the address bar (example: 
> http://www.fakedomain.com/images/image1.jpg).
> >
> > I know it might be possible to achieve this using an 
> .htaccess but I heard they are a little bit unsecure plus the 
> slow down the server. (in the apache website they reccomend 
> not using it).
> >
> > My problem is that whenever I try to link to an image 
> outise the root it simply will not work. For example lets say 
> my fictional root folder is this one: www/var/public_html/    
> and lets just say the index of my website then is this:    
> www/var/public_html/index.html   now lets just say I want to 
> put my images in a folder located outside the root, like 
> this:    www/images/image1.jpg etc. I should be able to link 
> to the image like this from my index.html file: 
> ../images/image1.jpg but it doesnt work. Ive tried several 
> combinations but nothing seems to work.
> >
> > My question to you guys is if you know what apache setting 
> needs to be turned on (or off) to enable this? or how should 
> I link to images outside the root.
> >
> > Thanks in advanced and I hope anyone here can help me 
> because I have looked in a lot of places with no success. 
> Thanks again !!!
> >
> 
> You've got a fundamental problem here: If the image file is not
> accessible from the web, then it can't be embedded in an html page. In
> order for the image to be displayed as part of the html page, the
> browser makes a separate request for the image that, to the server,
> looks identical to a request for the image alone (with the important
> exception of the content of the Referer HTTP request header). Putting
> the images outside the root is not, in itself, a problem. You can
> simply use an Alias to map them into the webspace so they are
> accessible from the web. But this will not help your direct linking
> problem.
> 
> Here's my suggestion: 1. Check to see if you really have a direct
> linking problem. Is this really causing you serious problems? Can you
> fix it just by occasionally changing the name of your image file? 2.
> If you decide you really need to prevent hotlinking/embedding of your
> images in external pages, use one of the suggestions here:
> http://wiki.apache.org/httpd/DisableImageHotLinking
> Note that neither of these require the use of .htaccess.
> 
> Joshua.
> 
> 
>        
> ______________________________________________________________
> ______________________
> Moody friends. Drama queens. Your life? Nope! - their life, 
> your story. Play Sims Stories at Yahoo! Games.
> http://sims.yahoo.com/  
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message