<span>In the uploads/ directory of one of my sites, I have a .<span name="st">htaccess</span> file containing<br> Order Deny,Allow<br> Deny from all<br>And I have $EnableDirectDownload=0; in the local/config.php.
<br>
<br>
With one exception (or set of exceptions), this works excellently for making attachments
behave the way I would like. Now any file that is uploaded to a
wikigroup inherits that wikigroup's (read) protection (if there is any)
- so uploads to *unprotected* groups are also unprotected.<br>
<br>
The single (known to me) exception to this is the case where I want to specify a background image for some</span><span> part of the site (header, body, etc) in the skin's .css file via a line like <br>
background:
url("/uploads/Site/image.jpg");</span><br>
<span>
<br></span><span>With this setup, the background image becomes unviewable when I'm protecting uploads with the .htaccess file and </span><span>$EnableDirectDownload=0;. I'm guessing this is because the .htaccess file is preventing the image from being
viewed directly, while the fact that the image is pointed to from the
.css file instead of via "Attach:" markup prevents the
Site wikigroup's security settings from operating on it - is that right?</span><br>
<span><br></span><span>I'd like to try to understand why such an image doesn't display, and whether there
is a way to fix it while still using the .htaccess and </span><span></span><span>$EnableDirectDownload=0; security method</span><span>, since I'd like to make this method of securing
uploaded files the default configuration for my wikis.<br><br>
Any discussion or suggestions?<br>
<br>
Thanks!<br>
<br>
Tegan Dowling<br>
</span>