Problem displaying images in nodes
I'm setting up a site with drupal, and I had it working beautifully, when I read about people linking to images and using up server resources. Since I wanted my site to be secure from the outset I decided to take the advice of some of the forum posts and move my files folder out of the public_html directory.
I've now got two files folders in a private directory. The first one was created by drupal when I changed the settings in admin>file system settings, but I found I could not upload to it, or change the chmod settings on it, because drupal created it as owned by apache.
The second one I created myself (different name of course-chmod set to 777) and drupal only added the .htaccess file. I put an image file in that one.
Before I moved the folder, I had a test node, with the image in it, using a simple html img link. It worked fine.
Now, the image doesn't display.
I've tried different formats for the link--everything I could find in the forums--none of them seem to work.
I think I've included everything that's important here--but I'm really new at this.\
If anyone has a clue what I'm doing wrong, I would be most grateful.
Thanks,
Ken
This is what i've
This is what i've done.
trying to stop people from hotlinking your content can do more harm then good for a site. sure people who hotlink to an image of yours can use up "some" bandwidth. This isnt a bad thing. Especially if you watermark your images with your sites name. Then when they hotlink they wind up advertising your site for you. IF i find someone hogging up too much bandwidth, I replace the image with one of my own directing users to my site for the content. your servers logs and servers stats will provide you with all the information you need to contain some of this.
Have a look at this site http://tips-scripts.com/ it gives some tips about how to accomplish what ive stated above.
While i know it is possible to store the images themselves above the doc root. nothing stops a user from using an iframe and pulling the entire page into their site, which still uses your bandwidth. That being said, why not make them advertise for your site and help push users to you site. : )
Thanks for responding so
Thanks for responding so quickly.
I like your thinking on this in general. Unfortunately, I do have some images that I don't want hotlinked at all (Thanks for the vocabulary lesson--I'm so new at this I didn't even know what it was called--and for the link. I've bookmarked the site, and will be going back to work my way through it.)
Also, I really want to understand what's going on here.
I've searched the forums from top to bottom, and others seem to have similar problems, but nobody seems to have a clear solution.
It seems so simple. I can change the file address in admin back to the old files folder, which has the same permissions, and the same .htaccess content, and it works fine in private mode.
When I set the address to my other file folder it doesn't work at all--even though drupal accepts the settings without complaint. The only difference seems to be the actual location of the folder.
Frustrating.
Thanks,
Ken
I think drupal just can't do
I think drupal just can't do this.
After more hours trying one thing and another, I realized that I was moving the image file back and forth between the two file folder locations.
So I tried just copying it, and it worked fine. Drupal was apparently always looking in the same folder, no matter what address I put in the files settings.
My tentative conclusion is that when you use a normal link in a node, it doesn't matter what settings drupal has, the browser always simply gets the image from the server directly, and drupal doesn't get involved. This would mean that there is no way to set up a files folder out of reach of browsers and still insert images from it into nodes.
So, two questions:
1) Am I right about that?
10) If I am, what does the "private" setting in file management actually do?
Thanks for any help on this,
Ken
Partially solve it...
Here's what worked for me, though I'm not completely sure it was all neccesary...
I enabled clean urls under admin>settings
I installed the filerequest module and left the default host name (in my case, dev\.mainsite\.com).
I also installed the upload module and the inline module.
Now I can link to an image using the inline module or an image link of the form:
<img src="http://sitename.com/system/files/imagename.png" />My only problem is that that kind of link will also link directly to the image in a browser, which seems to defeat the purpose of the exercise. But I'm going to investigate some dodges that come in the documentation of the filerequest module to see if I can still achieve the results I'm after.
Meanwhile, I hope this helps someone else. I spent four full days thrashing around the forums before I figured it out by trial and error. I think that is because I'm still so new at this that what I need to know is generally the kind of stuff no one bothers to mention.
I'll post again if I figure out the rest. If anyone else has a hint for me, I'll be checking back here regularly.
Thanks,
Ken
A slight misunderstanding
The private/public downloads isn't designed to stop people linking to your images as such. Its main purpose is to control who is in charge of serving the uploaded files.
With public downloads, Drupal doesn't get a say in the matter. It is the webserver that serves them up directly using a public path. Any access control you want will need to be done using the web server. This method is more scalable and less resource intensive as there is no PHP/MySQL involved.
With private downloads, they are out of reach of the webserver and Drupal is responsible for handling the file request. The path uses a Drupal style URL handled by the system module. With this method any access control is done by Drupal. ie if your access control restriction relies on Drupal users and roles etc, you will need to use private downloads.
These features are completely tangential to stopping other sites linking to your images. Stopping other sites generally requires the server to check the (spoofable) HTTP referer header to see whether or not the request came from someone on your site. This check would be done in either your web server (with public downloads) or in Drupal (with private downloads) - although both will need extra configuration for this.
If your images are intended to be seen by anonymous visitors, neither public nor private downloads will stop other sites linking to them. As a side effect though, private downloads can prevent other sites linking to them though if Drupal prevents anonymous visitors accessing them.
--
Anton
New to Drupal? | Forum posting tips | Troubleshooting FAQ
Correction
What I said above really only applies to the upload module - it seems the image module doesn't enforce public vs private the same way. Apparently with private downloads uploaded images can be accessed by anonymous users even when other uploaded files can't be.
Oh well.
--
Anton
New to Drupal? | Forum posting tips | Troubleshooting FAQ
Thank you
Thanks, Anton, for the most helpful post I've seen on this topic in a week of intense searches. It clarifies most of the confusion I was aware of, and several points I didn't even know I was confused about (the most dangerous kind).
Ken