Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 84968 invoked from network); 26 Sep 2007 06:26:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 26 Sep 2007 06:26:34 -0000 Received: (qmail 74572 invoked by uid 500); 26 Sep 2007 06:26:14 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 74548 invoked by uid 500); 26 Sep 2007 06:26:14 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 74537 invoked by uid 99); 26 Sep 2007 06:26:14 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Sep 2007 23:26:14 -0700 X-ASF-Spam-Status: No, hits=-4.0 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [146.109.240.232] (HELO irp0b.swx.com) (146.109.240.232) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Sep 2007 06:26:12 +0000 X-IronPort-AV: E=Sophos;i="4.20,299,1186351200"; d="scan'208";a="9406464" Received: from unknown (HELO gate0b.unix.swx.ch) ([192.168.252.145]) by irp0b.swx.com with ESMTP; 26 Sep 2007 08:25:51 +0200 Received: from CIWMEXZSA0E.ex.ordersx.org (siwmexzsa0a.ex.ordersx.org [172.20.29.10]) by gate0b.unix.swx.ch (8.13.4/8.13.4) with ESMTP id l8Q6Pngj018270 for ; Wed, 26 Sep 2007 08:25:49 +0200 (MEST) Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826 Date: Wed, 26 Sep 2007 08:25:48 +0200 Message-ID: Importance: normal Priority: normal X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [users@httpd] image folder outside the root....how to access it ? thread-index: Acf/4X6evQyle8dXTBCjn8TcEPgPhgAIwAmQ From: "Boyle Owen" To: X-Virus-Checked: Checked by ClamAV on apache.org Subject: RE: [users@httpd] image folder outside the root....how to access it ? > -----Original Message----- > From: Daniel Ya=FFfffffffffff1ez [mailto:daniel_wachy84@yahoo.com]=20 > Sent: Wednesday, September 26, 2007 4:03 AM > To: users@httpd.apache.org > Subject: Re: [users@httpd] image folder outside the=20 > root....how to access it ? >=20 > Thanks for the Info Joshua I will read it and see what I can=20 > learn, although I have a couple things to point out. The=20 > solution Im looking for was not originally intended to stop=20 > hot linking, but simply, just as a way to have pictures in a=20 > private folders that could only be accessed by a specific=20 > user. Lets say someone uploads a picture to their private=20 > page, no body should be able to access that picture but the=20 > owner of that picture. without any kind of security anyone=20 > can type the picture folder + name and access it like this=20 > www.website.com/images/image1.jpg.=20 It sounds like you are looking for "security" - ie, password-controlled = access. Or, a web application like coppermine (google for details...)=20 > And so I started doing=20 > some research and I have found lots of places and articles=20 > that suggest that for my prloblem I should just use a folder=20 > outside of the root of my domain.=20 This would only make sense in the context of a web application that is = fetching the images dynamically (ie, mapping the dynamic URLs to = arbitrary file locations). If you have a link, post it and I'll have a = look... > The way everyone talks=20 > about it seems like it should be a simple thing, like=20 > something that shouldnt be hard. Yet I cant do it. Just as a=20 > final note, I have been able to access files outside the=20 > root, files like .php by > using include() to call those files. We where even able to=20 > open jpgs as binary and convert them back to jpgs with some=20 > php functions. Yes - that's a PHP application that is handling the request and reading = the files off the disk. This bypasses apache so can't be emulated by = apache config directives.=20 > Yet we should need to do this for all the=20 > secure images in my website. I know there has to be other=20 > ways to achieve this.=20 I think you are confusing server-sided web applications, like PHP, with = apache. Apache is just a web server; it gets files off disks and sends = them down the wire. It can also pass requests to other applications on = the server (handlers, like PHP) and they can get data for it, but they = are not bound by or controlled by the apache config. You can't do what you want to do with apache alone. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored.=20 >=20 >=20 >=20 > ----- Original Message ---- > From: Joshua Slive > To: users@httpd.apache.org > Sent: Tuesday, September 25, 2007 1:22:16 PM > Subject: Re: [users@httpd] image folder outside the=20 > root....how to access it ? >=20 >=20 > On 9/25/07, Daniel Ya=FFfffffffffff1ez = wrote: > > Hello everyone, I have been trying to make this work but so=20 > far I havent been able to successfully load an image (or=20 > other media file) that is in a folder outside the root of my=20 > domain. I initially wanted to do this in order to be able to=20 > deliver this images from code running inside my serer, but to=20 > prevent people from linking directly to the image (or file)=20 > using the address bar (example:=20 > http://www.fakedomain.com/images/image1.jpg). > > > > I know it might be possible to achieve this using an=20 > .htaccess but I heard they are a little bit unsecure plus the=20 > slow down the server. (in the apache website they reccomend=20 > not using it). > > > > My problem is that whenever I try to link to an image=20 > outise the root it simply will not work. For example lets say=20 > my fictional root folder is this one: www/var/public_html/ =20 > and lets just say the index of my website then is this: =20 > www/var/public_html/index.html now lets just say I want to=20 > put my images in a folder located outside the root, like=20 > this: www/images/image1.jpg etc. I should be able to link=20 > to the image like this from my index.html file:=20 > ../images/image1.jpg but it doesnt work. Ive tried several=20 > combinations but nothing seems to work. > > > > My question to you guys is if you know what apache setting=20 > needs to be turned on (or off) to enable this? or how should=20 > I link to images outside the root. > > > > Thanks in advanced and I hope anyone here can help me=20 > because I have looked in a lot of places with no success.=20 > Thanks again !!! > > >=20 > You've got a fundamental problem here: If the image file is not > accessible from the web, then it can't be embedded in an html page. In > order for the image to be displayed as part of the html page, the > browser makes a separate request for the image that, to the server, > looks identical to a request for the image alone (with the important > exception of the content of the Referer HTTP request header). Putting > the images outside the root is not, in itself, a problem. You can > simply use an Alias to map them into the webspace so they are > accessible from the web. But this will not help your direct linking > problem. >=20 > Here's my suggestion: 1. Check to see if you really have a direct > linking problem. Is this really causing you serious problems? Can you > fix it just by occasionally changing the name of your image file? 2. > If you decide you really need to prevent hotlinking/embedding of your > images in external pages, use one of the suggestions here: > http://wiki.apache.org/httpd/DisableImageHotLinking > Note that neither of these require the use of .htaccess. >=20 > Joshua. >=20 >=20 > =20 > ______________________________________________________________ > ______________________ > Moody friends. Drama queens. Your life? Nope! - their life,=20 > your story. Play Sims Stories at Yahoo! Games. > http://sims.yahoo.com/ =20 >=20 > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP=20 > Server Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > =20 =20 This message is for the named person's use only. It may contain = confidential, proprietary or legally privileged information. No = confidentiality or privilege is waived or lost by any mistransmission. = If you receive this message in error, please notify the sender urgently = and then immediately delete the message and any copies of it from your = system. Please also immediately destroy any hardcopies of the message. = You must not, directly or indirectly, use, disclose, distribute, print, = or copy any part of this message if you are not the intended recipient. = The sender's company reserves the right to monitor all e-mail = communications through their networks. Any views expressed in this = message are those of the individual sender, except where the message = states otherwise and the sender is authorised to state them to be the = views of the sender's company. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org