[pmwiki-users] disallowing access to /uploads subdirectory

Tegan Dowling tmdowling at gmail.com
Thu Jan 22 15:42:49 CST 2009


On Thu, Jan 22, 2009 at 3:26 PM, Jackie Silva
<jlsilva at library.berkeley.edu> wrote:
> Greetings PmWiki community,
>
> I am thinking about denying access to the /uploads directory via the
> httpd-conf file and adding the
> $EnableDirectDownload = 0 in each config.php file.
>
> I would like to know if anyone has had any difficulty implementing this.
> Did it break anything or cause problems/conflicts with other plug-ins?
>
> Or any words of wisdom/caution one would like to share-- was it
> successful? Happy with the results?

I've been doing this so long I'm not sure how things differ from
running the wikis without it, but my wikis work, so if this scheme was
responsible for any problems, they were problems I was able to
overcome.

URIs for images on my sites take the form
http://www.example.com/Site/HomePage?action=download&upname=Something.jpg,
but that generally happens automatically, so I can grab an address
from my browser's address bar if I need it.

Read-protecting the site can require some fiddling to make images
visible for non-admin logins, but again, it works.

I do this because not to leaves uploads findable by search engines
even in otherwise read-protected wiki-groups, which I consider
completely unintuitive, and which I discovered the hard way when a
client found sensitive material showing up in searches -- very
embarrassing for me.



More information about the pmwiki-users mailing list