This is my first website/wiki development project. I'm currently building a wiki using www.example.com/mediawiki for testing and development purposes. I've noticed that I can access, through the browser, all the folders in /mediawiki such as /mediawiki/images and /mediawiki/extensions. I was under the impression that putting "Deny from all" in .htaccess would block the access, but it doesn't work. I currently have an .htaccess file with only one line "Deny from all" and I can still just type www.example.com/mediawiki/images in the browser and can I see all the files and folders from my own filesystem.
I realise that mediawiki is designed to allow all users to edit any page; however, I would simply like to protect against the possibility that one user is able to upload/access a document that I uploaded for another user on a certain page. As it stands, any user can simply get any file by typing www.example.com/mediawiki/images or he can access the files by using . I went through Manual:Image_Authorization. On that page, we have the following:
img_auth.php then checks to see if the user has access to that particular file and if so, streams it back. If not, it displays a standard 403 error.
OK, so how do I block a user from accessing a particular file? The page doesn't tell you how to achieve this apart from setting $wgUploadpath to the img_auth.php file.
In summary, I would like to know the following:
- Is there a way to block access to www.example.com/mediawiki/folder with folder=images, extensions, etc ?
- Is there a way to block the ability of users with upload and edit rights to have access to files that have already been uploaded by other users or myself?
Thank you