CMS Made Simple Forums

Hello.

How can I avoid direct accessing (for example, typing adress?) to www.mysite.com/uploads? I run CentOS 5, Server version: Apache/2.2.3. Is it something with httpd config?

Thank you.

Hello hlloyge,

Try to search "avoid deep linking" in webservers' documentations and on the web.
Lighttpd has a feature. And as you have said, Apache may be tweaked with the appropriate config.
I'm too lazy today to point you to the solution but I'm sure it can be made with the webserver "under" CMSms.
Once you have found it you can write it in the wiki.

Pierre M.

I've found much simpler solution; I just put index.html inside that folder with scary message about IP being logged and mail sent to administrator I'm not dealing with hackers, so this is TEH protection

something like this should work also

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ blocked.gif [NC,R,L]

-tsw

If you use the uploads module it does this:
  a) Prevents direct linking
  b) Provides tracking of how many times a file is downloaded, and from where
  c) Allows a description, an image, and a type to be attached to a file
  d) allows complete customization of the output.

calguy1000 wrote: If you use the uploads module it does this:
  a) Prevents direct linking
  b) Provides tracking of how many times a file is downloaded, and from where
  c) Allows a description, an image, and a type to be attached to a file
  d) allows complete customization of the output.

Is it? Well, I can tweak site a bit... will play with it. Thank you all. For now, my solution works... but it's not something I'd like to have... it isn't idiot-proof.