I'm using wordpress and I'm wondering how I can stop people accessing my uploads folder (and its contents) directly. I was looking at my analytics and noticed a large number of people viewing an image in my uploads folder directly (must have got stumbled). How can I block that and/or redirect people requesting files from my uploads folder to my homepage? eg. Currently people can view images directly by typing in a url like this: http://www.url.com/uploads/08/image.jpg When anyone does that, I want them to be redirected to http://www.url.com
Hey Swollenpickles, Check this website out: http://httpd.apache.org/docs/1.3/misc/FAQ.html#image-theft Also to prevent people from viewing your folder contents simply place an empty index.html file into the uploads directory. You could even put a message into it if you like. It should tell you what you need to know. Hope it helps.
After doing such a thing, check in all browsers to see how they deal with it. Really, you can't stop people from doing it, but you can make it not so easy for them.
Thanks for that, not sure I fully understand it though. When they refer to "inlining" on that apache site, do they mean hotlinking?
Sorry I didn't explain it in more detail. Basicall that article is saying "People can't directly access your images" and in-fact your images are only accessible if they are being viewed inside a page on your website. For example. You have a blog post with an image and people can only access the image from your blog post, not directly. Hope this helps and glad to help.
Thanks dwayne. So using that method, people would not be able to view an image by entering the url into the browser directly etc.? http://www.url.com/uploads/08/image.jpg SetEnvIf REFERER "www\.mydomain\.com" linked_from_here SetEnvIf REFERER "^$" linked_from_here <Directory /www/images> Order deny,allow Deny from all Allow from env=linked_from_here </Directory> Code (markup): What does this mean? linked_from_here
just wtaermark your images and don't worry about it. there's no such thing as bad publicity right? they will still see your URL and if they like it, they'll check out the rest of the site for more on their own. If you redirect them, they don't find what they came for and will IMMEDIATELY leave your page, and since they haven't seen the great content you do have, they have no reason to poke around a site they weren't linked to just in case there's a good image hiding somewhere. If you don't want people to see it, don't freakin put it on the interwebs.