Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
It is currently 28. Mar 2024, 23:44

This forum is readonly now. Please use the new forum if you don't find the answer to your question here. The new forum is at https://www.tinywebgallery.com/blog/forum/


All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: 16. Aug 2011, 18:44 
Offline

Joined: 16. Aug 2011, 18:25
Posts: 2
Hi,

I am not sure if this problem is due to JFUploader or to Joomla itself... but I help help to determine if it is JFU causing the issue.

Recently my site was trashed and couldn't be restored properly... my bad I didnt have a good backup of everything.

So, back from scratch I went to new hosting provider and installed new joomla 1.6 installation, and JFUploader extension. Previously I had the professional registered version for Joomla 1.5, but I haven't moved my domain name so I am currently only using unregistered version of JFU.

I created a front end profile, and user groups and a master profile... I created a default folder, and JFU populated each users folders perfectly and was displaying everything perfectly. The only problem was that the directories were set for index accessible so people could browse all our confidential files.

I went to cpanel and using index manager to turn off indexing of the directory where our files are stored.

This is where the problem materialized. Sometimes the menu item and the jfu are visible and sometimes they are not. The menu item is protected to only allow special users, and the menu has the proper group ID and had been working. Now it only works occasionally. Have you any idea what is going on... or is there another better way to protect my upload directory that may not cause this issue. As it stands now I wont be able to continue to use jfu due to the privacy and access issues.

I am running the following:

Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 DAV/2 SVN/1.5.0 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8

Joomla! 1.6.0 Stable [ Onward ] 10-Jan-2011 23:00 GMT

JFUploader version 2.14.3

.htaccess is set to IndexIgnore

mod_rewrite is off, if i turn this on my site doesnt work becuase previously accessible pages are no longer found

Thanks for any assistance you can provide.


Top
 Profile  
 
PostPosted: 16. Aug 2011, 20:00 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
If you don't use direct download you can actually disable the access to the upload folder completely.
Simply put a .htaccess into the upload folder where you deny all.

What I don't understand is the relation to Joomla itself. Because your .htaccess should only be in the upload folder and not somewhere else.

Best, Michael


Top
 Profile  
 
PostPosted: 16. Aug 2011, 21:11 
Offline

Joined: 16. Aug 2011, 18:25
Posts: 2
TinyWebGallery wrote:
If you don't use direct download you can actually disable the access to the upload folder completely.
Simply put a .htaccess into the upload folder where you deny all.

What I don't understand is the relation to Joomla itself. Because your .htaccess should only be in the upload folder and not somewhere else.

Best, Michael


Hi Michael, I figured out a work around... Bear in mind that I have very little knowledge of computers actually...

Originally I had put the .htaccess file in the directory I created to accept uploads. I put Options -Indexes which caused Joomla not to display the directory when people browsed the folder in their browser... however it also caused Joomla not to display the menu item for jfu when the menu access level was set to anything other than public for some reason.

As I only wanted certain people to be able to upload rather than all registered users I thought I needed to protect the menu item... but i changed the people who were able to access the front end via the users in group1

Then I re-enabled the viewing of the file structure... but prevent viewing of the actual file extensions we use. I don't see a security issue that people know we have directories, as long as they cannot access the files.

Options +Indexes

IndexIgnore *.wmv *.mp4 *.avi *.hse *.tsv *.xls *.pdf *.doc *.jpg *.jpeg *.zip *.HSE *.TSV *.XLS *.PDF *.DOC *.JPG *.JPEG *.ZIP

seems to be working, sorry to have bothered you


Top
 Profile  
 
PostPosted: 17. Aug 2011, 00:44 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
does:

deny from all

not work in the upload dir?

- Michael


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
powered by phpbb | Datenschutz/ Privacy policy