Download & Extend
Gallery » Issues

.htaccess code for blocking access to raw gallery2 folder?

Posted by uomeds on August 20, 2009 at 4:48pm
Project:Gallery
Version:6.x-1.0
Component:Installation / Configuration
Category:support request
Priority:normal
Assigned:Unassigned
Status:active

Issue Summary

Okay, it turns out my integration worked out quite smoothly. I still have to get my rewrite working, but I'm not too concerned about that right now.

I just want to be sure the fundamentals are in place.

I found some instructions that stated for blocking access to the raw gallery2 folder after integration:

"create an .htaccess file within the /gallery2/ folder containing the following:

Deny from all

Finally, you'll want to CHMOD permissions on your /gallery2/ folder to 555 (unwritable)."

But that was a long time ago. Is this still valid, and is that the correct htaccess syntax? Or should it just say "Deny from all" and absolutely nothing else?

Also, while I have a new thread, is there any reason Gallery's Registration plugin would show as active from Drupal's install panel when it has clearly been disabled and is no longer running?

Thanks.

Login or register to post comments

Comments

#1

Posted by uomeds on August 22, 2009 at 11:06pm

Code got lost. His instructions were:

create an .htaccess file within the /gallery2/ folder containing the following:

<Files ~ "\.(inc|class)$">
   Deny from all
</Files>

Finally, you'll want to CHMOD permissions on your /gallery2/ folder to 555 (unwritable).

http://community.contractwebdevelopment.com/installing-gallery2-in-drupal

My current /gallery2/ htaccess says:

# BEGIN Url Rewrite section
# (Automatically generated.  Do not edit this section)
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteBase /gallery2/

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d [OR]
    RewriteCond %{REQUEST_FILENAME} gallery\_remote2\.php
    RewriteCond %{REQUEST_URI} !/gallery2/main\.php$
    RewriteRule .   -   [L]

    RewriteCond %{THE_REQUEST} /gallery2/gallery/d/([0-9]+)-([0-9]+)/([^/?]+)(\?.|\ .)
    RewriteCond %{REQUEST_URI} !/gallery2/main\.php$
    RewriteRule .   /gallery2/main.php?g2_view=core.DownloadItem&g2_itemId=%1&g2_serialNumber=%2&g2_fileName=%3   [QSA,L]
    RewriteCond %{THE_REQUEST} /gallery2/gallery/v/([^?]+)(\?.|\ .)
    RewriteCond %{REQUEST_URI} !/gallery2/main\.php$
    RewriteRule .   /gallery2/main.php?g2_path=%1   [QSA,L]
</IfModule>

# END Url Rewrite section

So I guess I would add the 'Deny from all' command anywhere after that?

Oh, and as an added bonus, it appears my url rewrite is working after all. Thanks to the developers for a very smooth module.

nobody click here