[Typo3-dev] Extension and resources (images, ...) and security
Christian Trabold
trabold at mehrwert.de
Thu May 13 14:10:55 CEST 2004
Hi!
>>> Restrict the permissions of the /typo3conf directory with .htaccess:
>>>
>>> <--- snip
>>> Order Deny,Allow
>>> Deny from all
>>> snap --->
>>>
>>> This will deny any user to access /typo3conf and its subdirectories.
>>
>> Exactly. And all images or other resources, which reside in those
>> extension-directories can not be accessed, either.
>> See the problem?
>
> I see. Seems I'm a bit densed, today.
>
> *more cautios* Just a guess:
> Instead of being linked directly (or via /fileadmin, as you mentioned),
> why not process images first and then deliver from typo3temp?
> Reduces performance, I know... I'm thinking of a dummy transformance,
> just copying images 1:1 to typo3temp, of course rename to a734672346.gif
>
.htaccess allows access-rules to specific files in a folder.
I think of an rule that denies all access in typo3conf/ *but* allows
transfer for graphic files so that these can be shown in the browser.
Have a look at
<http://httpd.apache.org/docs/mod/core.html.en#filesmatch>
Maybe that helps.
Regards,
Christian
More information about the TYPO3-dev
mailing list