homepage Welcome to WebmasterWorld Guest from 184.72.82.126
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
protecting images in variable sub folders?
ctrlaltdel




msg:4568711
 4:03 pm on Apr 28, 2013 (gmt 0)

I have asked this question before and was kindly supplied with the answer by Lucy here:
[webmasterworld.com...]

However, my gallery software has chnaged and the URl to images has a different format, such as
mywebsite.co.uk/gallery/upload/2013/04/28/20130428141333-edae7e67.jpg
or
mywebsite.co.uk/gallery/upload/2013/04/28/20130428141329-2fda219d.jpg

the structure seems to be based on when i up the images as both these images were uppped on 28/04/2013 around 2.13pm. the part of the url that ends in -edae7e67.jpg is generated by the software.

Im looking to redirect any direct attempt at my images to be sent to my homepage, here is what was produced before by Lucy.

----------
RewriteEngine On
RewriteCond %{HTTP_REFERER} !gallery/index\.php\?level=\w+&id=\d+$ [NC]
RewriteRule /large/.+\.jpg$ http://example.co.uk/index.html [L]
-----------

I would be most grateful for any help in solving this
Thanks :)

 

lucy24




msg:4568746
 8:51 pm on Apr 28, 2013 (gmt 0)

Psst! Moderators! Any chance of wholly removing the time limit on editing posts in the "Code, Content and Presentation" subforum?

Didn't think so. Drat.

Are you currently on shared hosting or not? (Technically the question is whether the rule is in htaccess or config. But people with their own servers rarely need advice on htaccess files.)

The current format of your image filenames is

^gallery/upload/20\d\d/\d\d/\d\d/\d+-\w\.jpg

plus leading slash if you're in the config file. The "target" needs a [R=301] flag if you want it to be a redirect. Otherwise it defaults to 302.

The last part of the URL looks as if it's really \h but I don't think mod_rewrite supports that form. And anyway it's not likely an URL will get that far and then collapse into some other form ;) so no need to worry about the server having to backtrack.

Matter of fact: Does the /gallery/upload/ directory contain anything other than image files? If not, you don't even need to run the URL all the way to the end. Just go far enough-- starting with an opening anchor-- that you can safely say "nothing but images from here on".

topr8




msg:4568761
 10:59 pm on Apr 28, 2013 (gmt 0)

OT rant ... but bad software design really annoys me!

Why use a file structure of
mywebsite.co.uk/gallery/upload/2013/04/28/20130428141329-2fda219d.jpg

very clearly the 20130428 is redundant as it is already in the folder structure, and as the software/script seems to generate a random string then i image that the hours, minutes and seconds 141329 are also redundant

lucy24




msg:4568781
 12:19 am on Apr 29, 2013 (gmt 0)

Oh, and, er, when I said "redirect" above I naturally meant "permanent redirect". Could swear I was just saying something somewhere about the recurring need to edit posts...

as the software/script seems to generate a random string then i image that the hours, minutes and seconds 141329 are also redundant

Or, in the alternative, it's the random string that's redundant. At a minimum, its length has got to be excessive. I mean, we're not talking about credit-card numbers where you have to minimize the risk of a random correct guess; all we need is unique filenames. You might conceivably want to know the upload time-- but surely it isn't possible to upload

:: counting on fingers ::

16^8 = 2^4^8 = 2^32 = something with nine or ten zeros, right?
files within a single second? The software may be able to log activity that fast, but a million simultaneous connections (assuming a mere millisecond for the physical act of uploading)? Nuh-uh.

ctrlaltdel




msg:4570859
 4:54 pm on May 5, 2013 (gmt 0)

Sorry for the late reply to this, my logged email was an old one, I have updated it now and should get any further replies :)

Thank you all for your replies.
I am on shared hosting.
I am sorry but when i try to reply, i cannot see your posts so am trying to remeber what was asked.

1. Yes, it is a weird system that so many new subfolders for images and indeed the duplication of date/time formats.

I can confirm that with each folder created, it puts a simple index.html with text only of "Not Allowed"
besides that the only filetype in any of the folders inc sub folders is .jpg

Many thanks

George

zeus




msg:4570880
 7:57 pm on May 5, 2013 (gmt 0)

how about google image

lucy24




msg:4570892
 9:00 pm on May 5, 2013 (gmt 0)

with each folder created, it puts a simple index.html with text only of "Not Allowed"
besides that the only filetype in any of the folders inc sub folders is .jpg

There speaks a CMS designer who has never thought of

Options -Indexes

Put it somewhere near the top of your main htaccess; it will be inherited everywhere unless you explicitly override it.

Since the directories contain nothing but images, all you need in your htaccess is the beginning of the path. Looks like simply

^gallery/upload/

without closing anchor. Shove it into your existing rule.

Note that technically the opening anchor isn't necessary; I assume you don't have anything like www.example.com/directory/otherdir/gallery/upload/publicly-accessible-file.html lurking around elsewhere. But it makes the rule run more efficiently, because if "gallery/" isn't the very first thing in the request, the server stops looking right away.

Tip: You can use the browser's Back button to go back and look at the thread, and then Forward again and your in-progress post will still be there. Some forums won't let you do this; your unfinished post disappears. But it works here. Even works if you've had intervening Previews so there are multiple back-and-forths involved.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved