That's exactly what I was looking for. Thanks! Am 05.06.2007 um 16:06 schrieb Patrick R. Michaud:
> On Tue, Jun 05, 2007 at 03:58:27PM +0200, [EMAIL PROTECTED] wrote: >> I'm looking for a (preferably automated) solution to completely >> protect uploaded files from external access. If I upload a file >> whithin a group that is protected with a password, the file still can >> be accessed externally using the direct path, i.e. >> http://yourhost/pmwiki/uploads/Secretgroup/file.ext >> >> Setting $EnableDirectDownload=0 does only restrict the access from >> within the wiki. >> >> A friend of mine suggested to control the access to the subfolder >> using a .htaccess file. Is there a solution based on that method that >> is known to work? >> >> Moreover, I would love to have an automated protection. Is there a >> recipe for pmwiki to restrict direct acces to uploaded files? > > Try copying the .htaccess file from your wiki.d/ directory into > the uploads/ directory. It should read > > Order Deny,Allow > Deny from all > > This tells the webserver to deny all direct access to files in the > uploads/ directory. Since PmWiki doesn't use the webserver to > access the files in uploads/, it will still be able to respond to > ?action=download requests (after checking authorizations). > > Another possibility is to move uploads/ somewhere completely outside > of the webserver tree, and use $UploadDir to point to this new > location: > > $UploadDir = '/path/to/uploads'; > > Pm _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
