forum.coppermine-gallery.net
Support => cpg1.3.x Support => Older/other versions => cpg1.3 Permissions & Access Rights => Topic started by: Heiko_Heider on November 15, 2005, 05:14:55 pm
-
Hallo,
I'm seriously struggling with the .htaccess-thing preventing users who are not logged in in Coppermine from accessing JPG-files directly via URL.
(http://www.heiko-heider.de/php/coppermine/albums/2004_05_Strassburg/DSC06267.jpg)
My Coppermine Gallery is in the following directory:
http://www.heiko-heider.de/php/coppermine/
but can also be accessed with these 2 sub-domains:
http://pics.heiko-heider.de
http://bilder.heiko-heider.de
which point to the server directory above.
I read all the threads in this forum regarding this and tried creating an .htaccess file with the following entries:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.heiko-heider.de//.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.heiko-heider.de$ [NC]
RewriteCond %{HTTP_REFERER} !^http://heiko-heider.de/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://heiko-heider.de$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://www.heiko-heider.de [R,NC]
Although this prevents me from accessing jpgs via URL, broken links appear in Coppermine, too.
I hopy someone can help me out on this, as I'm not that familiar with .htaccess files.
Thanks in advance,
Heiko
-
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$|.*jpeg$|.*bmp$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !heiko-heider\.de [NC]
Should be enough for preventing hotlinking, but if you want to exclude your own directorys and still want to enable coppermine accessing them its a difficault thing. It's doable but well nobody I know had workt this out
http://forum.coppermine-gallery.net/index.php?topic=15178.0
-
Thanks for the fast reply.
Unfortunately, the code didn't work, either. -> CP can't access the pictures itself.
I just mailed my hosting-support, they told me thad "mod-rewrite" is not available.
So I'm thinking whether preventing direct URL-file-access with .htaccess is possible at all?
Does anybody know if it's worth to keep trying or that it's just impossible on my host?
Thanks,
Heiko
-
Well it means you can't use this method. There may be an alternative, see if they can suggest anything.
-
Hmm, so it seems my provider sucks!
Well, it's a no-frills-provider, charging for every extra, for example disabling safe-mode will cost 29€.
I have, however, a folder-structure not within the public-html-folder.
Is there any chance that Coppermine gets the files from this folder? Gallery2 is able to do this, I think, but I can't use that due to the safe-mode restriction :-(
Or does anyone else here know a way preventing url-file-access without the need for .htaccess?
What I don't understand, however:
although mod-rewrite seems to be diabled by my host, putting the above code in an .htaccess-file blocks direct URL access to jpg-files.
So at least the blocking seems to work.
Maybe theres a way to give coppermine access anyway???
Thanks,
Heiko
-
Heiko,
The real question is why? If a person can view your pictures they already have a copy of it on their computer. They can also download any picture they are viewing no matter what kind of blocks you put up.
Blocking hot-linking is usually what most users require.
However, if you can identify who the abusers are, you can use htaccess to block these users by IP or referrer ID. see: http://www.javascriptkit.com/howto/htaccess.shtml
Dennis
-
@madeinhawaii:
No, no. That's not what I meant.
You see: I have albums that only certain usergroups can view through logging in to coppermine. My friends of course can do whatever they want with the pictures. I just want to prevent external surfers (who have to much free-time <g>) from getting my pictures by entering the URLS of filenames, thus bypassing coppermines password protection.
-
Heiko,
Did you try this: http://forum.coppermine-gallery.net/index.php?topic=3069.0
Dennis