New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
nginx - how to exclude single file extension from access protection?
Dear all,
I am a bit stuck and maybe you can help me out...
I have a directory that I have access protected by the following line in vhost.conf:
location /pictures {
deny all;
}
That works fine for the directory and all subdirectories.
However, each subdirectory (hundreds of them) contains a file called 'folder.png' and I would love to exclude all files with this name from the access protection so that they gets displayed. How do I do this?
Thanks a lot for your advice in advance!
Cheers,
-A
Comments
What are you trying to do by denying access to /pictures? What is your goal? It just seems a bit odd to me.
Well, that's a bit complicated.
/pictures contains original images that get called by a php script for watermarking before display. I do not want anyone to access this folder by guessing the path (which is not too hard) and getting the unmarked images for download.
But I found a way to disallow the display of the original jpg files and allowing access to the rest:
location /pictures { location ~ \.jpg$ { deny all; } }Maybe you can move the pictures folder out of the root
I agree, that would be best. But the (gallery) script is not written by me and quite complex. I would have to change a lot of references in the php source code and then again and again as soon as an update comes out.
However, the location block that I posted above does for me what it should, so I am okay with that "solution"...
Why not just put an index.html file in there so they can't browse the directory?
I did that. But still, it is possible to guess the full filename of an image and display it directly. I saw some scripts out there that were explicitly written to bulk download the original images from my site (it is quite a large gallery with 12,000+ images). That does not only create unwanted traffic and server load. It also bypasses the ads on the site and leaves the "stolen" images watermark-free.
--deleted, don't read the top post-- :P
Do the pictures you want to hide have a common part to their filename? You could create a .htaccess file and use ReWrite to solve this. Basically, mod_rewrite would check the URL for a string using RegEx, and then re-direct the user to a "Computer Sayyzz Nooo" page.. (Little Britain reference anyone?)
I love Little Britain!
I am using NGINX instead of Apache. However, yes - they all have a common part of their name. They are numbered but the leading text string is always the same.
This may or may not help you http://www.engineyard.com/blog/2011/useful-rewrites-for-nginx/
I have no experience with rewrites in NGINX I'm afraid - sorry
BTW, not sure if the rewrite method would work in your case, as you'll want images displayed sometime, right? I wonder if you can integrate cookies/sessions/access control with rewrites....
Maybe some kind of hotlink protection might work too..
Thank you all - As said, I have already found a solution (see above) that works for me. I tried to solve it with a hotlinking protection before, but that caused problems with people using browsers that do not send proper referrers. I received dozens of mails each day full of complaints because of this...