How to protect files in the var directory?


Tomasz Jakubowski

Wednesday 01 August 2007 11:54:27 pm

I create content with an image. The content is in a protected area (you need to log in to see it). But if I put a direct link to the image file into the browser, I can see it.
So the system isn't protected from access without login.

Is there any solution to protect files in the var directory?

André R.

Thursday 02 August 2007 12:37:39 am

Remove the rewrite rules that let users download images directly from var.
It will be a lot slower, but it will check access rights on every image request.

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Tomasz Jakubowski

Thursday 02 August 2007 2:47:05 pm

Thanks for your response, but I still have a problem with that.

I removed the rewrite rules for the var directory. But now I can't see any images on my site. The behaviour is the same for the admin user and the anonymous user. When I put a direct image link (like: http://example.com/var/siteaccess/storage/images/folder/zdjecie/1579-1-pol-PL/zdjecie_large.jpg) into the browser, I get the eZ error page with the error message: The requested module var could not be found.

Are there any special configuration options?

My configuration of eZ Publish: virtual host.
My .htaccess file:

DirectoryIndex index.php

<FilesMatch "(index\.php|\.(gif|html|css|jpe?g|png|ico|js|asf|avi|wmv|swf|xsl|jar|pdf|doc))$">
order allow,deny
allow from all
Options FollowSymLinks Includes ExecCGI
</FilesMatch>

RewriteEngine on

RewriteBase /

# first we rewrite the root dir to the handling php script
RewriteRule ^$ index.php [L]
RewriteRule ^index\.html$ index.php [L]

# exclude here directories or files eg. your webmail, phpadsnew, pphlogger
# the four var/ rules below are commented out on purpose: while active, Apache
# serves these paths itself and the request never reaches index.php
#RewriteRule ^var/storage/.* - [L]
#RewriteRule ^var/[^/]+/storage/.* - [L]
#RewriteRule ^var/cache/texttoimage/.* - [L]
#RewriteRule ^var/[^/]+/cache/texttoimage/.* - [L]
RewriteRule ^design/[^/]+/(stylesheets|images|javascript)/.* - [L]
RewriteRule ^share/icons/.* - [L]
RewriteRule ^extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
RewriteRule ^packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.* - [L]

RewriteRule .* index.php [L]
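The core of this thread is an audit question: for a given request path, does Apache hand it to index.php (where eZ Publish checks permissions) or serve the file straight from disk? The script below is an added example, not code from the thread or from eZ Publish. It emulates a simplified subset of mod_rewrite for the ruleset posted above (every rule carries [L], so the first match wins, and a target of "-" means "serve directly"), and compares the original ruleset with the variant where the var/ passthrough lines are commented out. The sample request paths are constructed; the storage path only mimics the shape of the one quoted in the post.

```python
import re

# Constructed rule list mirroring the shape of the .htaccess in the thread:
# (pattern, target). A target of "-" means "no rewrite, Apache serves the file".
# Every rule in the thread carries the [L] flag, so the first match ends processing.
RULES_WITH_VAR_PASSTHROUGH = [
    (r"^$", "index.php"),
    (r"^index\.html$", "index.php"),
    (r"^var/storage/.*", "-"),
    (r"^var/[^/]+/storage/.*", "-"),
    (r"^var/cache/texttoimage/.*", "-"),
    (r"^var/[^/]+/cache/texttoimage/.*", "-"),
    (r"^design/[^/]+/(stylesheets|images|javascript)/.*", "-"),
    (r"^share/icons/.*", "-"),
    (r"^extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.*", "-"),
    (r"^packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.*", "-"),
    (r".*", "index.php"),
]

# The same ruleset with the var/ passthrough lines commented out, as in the second post.
RULES_WITHOUT_VAR_PASSTHROUGH = [
    rule for rule in RULES_WITH_VAR_PASSTHROUGH if not rule[0].startswith("^var/")
]


def resolve(path, rules):
    """Return 'direct' if Apache would serve the file itself, or the rewrite
    target (here always 'index.php') if the request is handed to the application.

    Simplified mod_rewrite emulation (an assumption of this example): in a
    per-directory .htaccess the pattern is matched against the path without its
    leading '/', and the first matching rule stops processing because all rules
    use [L]. RewriteCond and other flags are not modelled.
    """
    path = path.lstrip("/")
    for pattern, target in rules:
        if re.search(pattern, path):
            return "direct" if target == "-" else target
    return "direct"  # no rule matched: Apache serves the path as-is


def unchecked_paths(paths, rules):
    """Audit helper: which of the given request paths bypass index.php, and
    therefore never reach eZ Publish's permission check, under this ruleset?"""
    return [p for p in paths if resolve(p, rules) == "direct"]


# Constructed sample requests (not real URLs from any site).
SAMPLE_REQUESTS = [
    "/",
    "/content/view/full/42",
    "/var/siteaccess/storage/images/folder/zdjecie/1579-1-pol-PL/zdjecie_large.jpg",
    "/var/storage/original/application/report.pdf",
    "/design/standard/images/logo.png",
    "/share/icons/flags/pl.gif",
]

if __name__ == "__main__":
    for name, rules in (("with var passthrough", RULES_WITH_VAR_PASSTHROUGH),
                        ("without var passthrough", RULES_WITHOUT_VAR_PASSTHROUGH)):
        print(f"== {name} ==")
        for request in SAMPLE_REQUESTS:
            print(f"{resolve(request, rules):10} {request}")
```

Running it shows both halves of the thread at once: with the passthrough rules active, every path under var/ is served without a permission check, and with them commented out those same paths fall through to the catch-all rule and land in index.php, which is exactly why eZ then reports that no module named "var" exists. Paths under design/ and share/icons/ are served directly in both variants, which is the expected split between site assets and user content.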

André R.

Friday 03 August 2007 5:30:24 am

Sorry for giving you wrong advice; it seems like only files (as in Word, PDF etc.) can be served like this through content/download.

Images are protected in the way that if you don't have access to an image, you will get text saying "you don't have access to this image" instead of the image. So basically you only get the link if you have access, given that you use the eZ templates for generating the URL / image tag.

