phpBB-TweakS
The easiest way to 'tweak' your phpBB!
  
Advanced Search
    
 
Home Downloads FAQ Register FAQ Memberlist Usergroups Ranks
  Log in to check your private messages Log in  
   
 

Please help us to develop!

 
It appears you are using a browser that is not based on Internet Explorer, this means you are not viewing the web as good as you should be. Other browsers might try to immitate Internet Explorer, but none can parse the web as it should like Internet Explorer can. So view the web as it was meant to be with Avant Browser!
         

phpBB-TweakS Forum Index Tips, Tricks & Tweaks File Attachment mod security
Display posts from previous:   
Half Thread Topic  Fully Thread Topic  Download Topic
      All times are GMT - 5 Hours  
Post new topic  Reply to topic

Sun Oct 29, 2006 2:53 pm
Author Message
Saratoga Sam
Amature TweakeR
Amature TweakeR


Joined: 18 Mar 2005
Posts: 11
Words Posted: 581
Average Post: 52.82
Post subject: File Attachment mod security Reply with quote
Hi -

As you are probably aware, the file attachement mod stores attached files in a directory under your phpBB directory - typically something like phpBB/files.

If I know the name of a file stored under phpBB/files I can point my browser to it and open it ... circumventing the phpBB.

I'm curious to know if there is a way to deny access to this directory to everyone except those who access it through the phpBB?

Thanks,

Saratgoa Sam
Post #1
      Back To Top  

Mon Oct 30, 2006 5:33 am
Author Message
aUsTiN
Webmaster
Webmaster


Usa Georgia

Joined: 05 Jan 2005
Posts: 3684
Words Posted: 144,671
Average Post: 39.27
Location: USA
Post subject: Reply with quote
Using a .htaccess, you might be able to do a "deny from all".
Post #2
      Back To Top  

Mon Oct 30, 2006 9:56 am
Author Message
Saratoga Sam
Amature TweakeR
Amature TweakeR


Joined: 18 Mar 2005
Posts: 11
Words Posted: 581
Average Post: 52.82
Post subject: Reply with quote
aUsTiN wrote:
Using a .htaccess, you might be able to do a "deny from all".


Ok - I'll try that and let you know if it works!

Saratoga Sam
Post #3
      Back To Top  

Sat Dec 09, 2006 4:40 pm
Author Message
Saratoga Sam
Amature TweakeR
Amature TweakeR


Joined: 18 Mar 2005
Posts: 11
Words Posted: 581
Average Post: 52.82
Post subject: Reply with quote
Yup, it works.

Thanks.
Post #4
      Back To Top  

Sat Dec 09, 2006 5:20 pm
Author Message
aUsTiN
Webmaster
Webmaster


Usa Georgia

Joined: 05 Jan 2005
Posts: 3684
Words Posted: 144,671
Average Post: 39.27
Location: USA
Post subject: Reply with quote
np, glad it worked for ya.
Post #5
      Back To Top  

Mon Oct 08, 2007 3:40 am
Author Message
Xerosigma
New TweakeR
New TweakeR


Joined: 07 Oct 2007
Posts: 2
Words Posted: 126
Average Post: 63.00
Location: Chicago
Post subject: .htaccess Reply with quote
Can someone tell me where to add the "Deny From All" line in my .htaccess file and to write the line? I'm new to server side code like this so I don't know the format or command lines or whatever.

-Thank you.
Post #6
      Back To Top  

Tue Oct 09, 2007 11:45 am
Author Message
Saratoga Sam
Amature TweakeR
Amature TweakeR


Joined: 18 Mar 2005
Posts: 11
Words Posted: 581
Average Post: 52.82
Post subject: Reply with quote
In my /phpbb/files directory on my phpbb server I added an .htaccess file with this single line, "deny from all".

This stops people from trying to access the /files directory outside of phpbb.
Post #7
      Back To Top  

Fri May 16, 2008 4:13 pm
Author Message
Saratoga Sam
Amature TweakeR
Amature TweakeR


Joined: 18 Mar 2005
Posts: 11
Words Posted: 581
Average Post: 52.82
Post subject: Reply with quote
Hi Austin -

I think I might have run into a limitation of the Deny From All directive.

I added this directive to the phpbb/files directory of a phpbb about a month ago. The directory had a some .wmv movie files uploaded in fall 2007.

These wmv. files are defined under the special category drop down as "Stream Files" within the file attachment mod. I believe this allows the .wmv movie to be played embedded within the phpbb topic (or reply).

Once I added an .htaccess file with Deny From All I could not play the .wmv files attached to phpbb posts. I got a "cannot connect to the server" error message from Windows Media. Apparently, the Deny From All is denying Windown Media from the file!

When I remove the .htaccess file, the phpbb works as expected.

Are you aware of an .htaccess directive that is a Deny From All but allows the Windows Media player to access the .wmv file attachements?

Thanks,

Saratoga Sam
Post #8
      Back To Top  

 
         

Post new topic  Reply to topic

phpBB-TweakS Forum Index Tips, Tricks & Tweaks File Attachment mod security
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

      Back To Top  

Page 1 of 1
Jump to:  
 
Protected by phpBB Security © phpBB-TweakS
phpBB Security Has Blocked 3,237 Exploit Attempts.

· Archive · Sitemap: Index · Sitemap: Forums · Sitemap: Topics · Sitemap: Posts ·

:: [ Load Time: 2.9 Seconds ] :: [ 31 Queries ] :: [ 4,648 Page(s) Viewed Today ] ::
:: [ Todays Queries: 139,683 ] :: [ Highest Load: 1,396,429 Queries On May. 08, 2007 ] ::
:: [ SQL Load: 60% Time: 1.7 ] :: [ PHP Load: 40% Time: 1.2 ] :: [ Debug: On ] :: [ GZIP: Enabled ] ::
:: The server last rebooted 81 days, 9 hours, 2 minutes, 13 seconds ago. ::
The phpBB[Network]!
       


This page has been viewed 4,930,180 times, last viewed: Sat Sep 06, 2008 5:33 pm.
Powered by phpBB 2.0.* © 2001, 2002 phpBB Group
Avalanche style by What Is Real © 2004