PortalParts.com Site

 Want to prevent anonymous access by filename
Blaine
 March 31 2004 09:33 AM  

Maybe there is a way to protect the directory so that it will only allow access from php or from visit.php.

lfa
 March 31 2004 09:35 AM  

Never mind, I think I've got it. A logged-in user's HTTP GET will contain a cookie value of gl_session=873221888 (or some number). An anonymous user's GET won't. I can probably configure .htaccess to look for that gl_session value. Testing to make sure it's a valid session is probably a lot harder, but also probably not necessary to prevent access by casual users emailing URLs around.

lfa
 March 31 2004 09:36 AM  

Yeah, if the HTTP_REFERER variable is set, I could probably use that, and it might be even more secure. Thanks for your help.

lfa
 March 31 2004 10:08 AM  

OK, this seems to work:

Create a .htaccess file in the filemgmt_data directory containing the following:

--cut here--
SetEnvIf Cookie ".*gl_session.*" GL_LOGGEDIN_USER
Deny from all
Allow from env=GL_LOGGEDIN_USER
--cut here--

It's not totally secure, because it doesn't actually check for a valid session id, but it's definitely better than nothing.

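An added example, not part of the original posts: the .htaccess from the post above with a tighter cookie pattern and the access rules written for both Apache 2.2 and 2.4. It assumes the session id is numeric, as in the gl_session=873221888 value quoted in the thread, and it still checks only the shape of the cookie, not whether the session is valid.

```apache
# Added example (not from the thread). Goes in filemgmt_data/.htaccess.
# Needs AllowOverride FileInfo (SetEnvIf) plus Limit (2.2 rules)
# or AuthConfig (2.4 Require) for this directory.

# Pattern from the thread, kept here for comparison. It matches the text
# "gl_session" anywhere in the Cookie header, including inside the name
# or value of an unrelated cookie:
#   SetEnvIf Cookie ".*gl_session.*" GL_LOGGEDIN_USER

# Tighter pattern: a cookie named exactly gl_session whose value is a
# non-empty run of digits (assumption: session ids are numeric, as in
# the value quoted in the thread).
SetEnvIf Cookie "(^|;\s*)gl_session=[0-9]+\s*(;|$)" GL_LOGGEDIN_USER

# Apache 2.2: state the evaluation order instead of relying on the default.
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from env=GL_LOGGEDIN_USER
</IfModule>

# Apache 2.4: same rule in mod_authz_core syntax.
<IfModule mod_authz_core.c>
    Require env GL_LOGGEDIN_USER
</IfModule>
```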
Blaine
 March 31 2004 17:03 PM  

Sounds good - I'm sure that will help others.
