How protect files in var directory?

Wednesday 01 August 2007 11:54:27 pm

I create content with image. Content is in protect area (need login to see it). But if I put direct link to image file in browser I can see it.
So, system isn't protected from access without login.

If there any solution to protect files in var directory?

Thursday 02 August 2007 2:47:05 pm

Thanks for your response but I still have a problem with that.

I remove the rewrite rules for var directory. But now I can't see any images on my site. The same behaviour for admin user and anonymous user. When I put direct image link (like: http://example.com/var/siteaccess/storage/images/folder/zdjecie/1579-1-pol-PL/zdjecie_large.jpg) to browser then I get eZ error page with error message: The requested module var could not be found.

If there any special configuration options?

My configuration of eZ Publish - virtual host.
My .htaccess file:

DirectoryIndex index.php

<FilesMatch "(index\.php|\.(gif|html|css|jpe?g|png|ico|js|asf|avi|wmv|swf|xsl|jar|pdf|doc))$">
order allow,deny
allow from all
Options FollowSymLinks Includes ExecCGI
</FilesMatch>

RewriteEngine on

RewriteBase /

# first we rewrite the root dir to the handling php script
RewriteRule ^$ index.php [L]
RewriteRule ^index\.html$ index.php [L]

# exclude here directories or files eg. your webmail, phpadsnew, pphlogger
#Rewriterule ^var/storage/.* - [L]
#Rewriterule ^var/[^/]+/storage/.* - [L]
#RewriteRule ^var/cache/texttoimage/.* - [L]
#RewriteRule ^var/[^/]+/cache/texttoimage/.* - [L]
Rewriterule ^design/[^/]+/(stylesheets|images|javascript)/.* - [L]
Rewriterule ^share/icons/.* - [L]
Rewriterule ^extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
Rewriterule ^packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.* - [L]

RewriteRule .* index.php [L]