Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 [2]   Go Down

Author Topic: Prevent direct access to images?  (Read 19968 times)

0 Members and 1 Guest are viewing this topic.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15765
Re: Prevent direct access to images?
« Reply #20 on: November 10, 2010, 03:18:55 pm »

Seems that your browser, a third-party tool or something else manipulates your referrer. That's what I told you in my first reply ::)
Logged

Shaar

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Prevent direct access to images?
« Reply #21 on: November 10, 2010, 05:44:21 pm »

Thats great that there is reasoning behind what its doing now, but is there a way around this in the htaccess file?

I tested on an old xp laptop i have.  doesn't work in firefox, but works in IE.  On my main computer, it doesn't work in firefox OR IE.


I'm probably going to assume there isn't a real 'easy' way around this without changing the way the gallery fetches images.
Logged

papukaija

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: 00
  • Offline Offline
  • Posts: 333
Re: Prevent direct access to images?
« Reply #22 on: November 10, 2010, 07:32:25 pm »

Not sure if you can do it with an ip address restriction. But try to look first for the referrer in your firewall's or other security software's settings.
Logged

fmk

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
    • FMKz Test Bed
Re: Prevent direct access to images?
« Reply #23 on: January 02, 2011, 01:37:56 am »

Hi Guys,

I am newbie + no programmer. Have been using 1.4 for 10 months and now upgraded to 1.5x. You guys do a great Job here.

I have uploaded my family pics and all and want super protect. I have ajdusted the group/user settings, but can't get the .htaccess straight. I read through the forum, but didn't work. I have same issue like Shaar (The guy who started this topic).

Let me explain how my gallery is setup.

Its installed in 'i-gallery' folder under http://khanz.net/ . I created sub-domain after installation of CPG in http://khanz.net/i-gallery, but now I am using redirection from http://igallery.khanz.net to http://khanz.net/i-gallery. Luckily everything works fine as far as the the gallery is concerned.

I tried to use the .htaccess in several ways explained in the forum, it does block Hot Linking, however it blocks CPG from retrieving the images.

1st one that I tried

Code: [Select]
AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.mysite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com.* [NC]

2nd one that I tried

Code: [Select]
RewriteEngine on
Rewritecond %{HTTP_HOST} !^www\.mysite\.com
RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]
RewriteRule \.(jpg)$ - [F]

I have tried to place the .htacess file in http://khanz.net/i-gallery/ , in http://khanz.net/i-gallery/albums/ , and in http://khanz.net/i-gallery/albums/myalbum/ folders.

My existing .htaccess file is in /home/khanznet/public_html/, since I have wordpress installed in public_html so I didn't make any changes to that file. Not sure I should post code of that .htaccess file so left it.

Please suggest what would be the best place to save the .htaccess file for my cpg, and what would the code for either redirect to a static Angry Man pic or just blocking the Hot Linking and Index of http://khanz.net/i-gallery/albums/myalbums.

Logged
FMK

Love doesn't stop by my door, I am always infatuated with new things.

fmk

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
    • FMKz Test Bed
Re: Prevent direct access to images?
« Reply #24 on: January 02, 2011, 03:38:19 am »

Add up....

Currently I'm this .htacces (from CPG FAQs), but I am not sure if its working or not.


Code: [Select]
SetEnvIfNoCase Referer "^http://www.khanz.net/" locally_linked=1
SetEnvIfNoCase Referer "^http://khanz.net/" locally_linked=1
SetEnvIfNoCase Referer "^http://igallery.khanz.net/" locally_linked=1
SetEnvIfNoCase Referer "^http://khanz.net/i-gallery/" locally_linked=1
SetEnvIf Referer "^$" locally_linked=1
<FilesMatch "\.(gif|png|jpe|jpg|JPG?g)$">
  Order Allow,Deny
  Allow from env=locally_linked
</FilesMatch>

I have placed it on http://khanz.net/i-gallery/albums/

Logged
FMK

Love doesn't stop by my door, I am always infatuated with new things.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15765
Re: Prevent direct access to images?
« Reply #25 on: January 02, 2011, 11:05:56 am »

Please have a look at that mod: http://forum.coppermine-gallery.net/index.php/topic,69397.0.html

The thread starter want to contribute a plugin soon.
Logged
Pages: 1 [2]   Go Up
 

Page created in 0.026 seconds with 19 queries.