0

I've set a rule for my images in media folder. Here it is:

<FilesMatch ".(jpg|jpeg|gif|png|php)$"> Order Deny,Allow Deny from all </FilesMatch>

This will prevent the visitors to directly gain access to the images. Now, whenever i call a php function like getimagesize() to get some data from an image, it returns an error, as you can guess:

failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in : C:.....

Now my question is, how can other functions and CMS's core files access my medias and generate thumbnails and stuff, but a function such as getimagesize() can't?

I'm calling this function right in the middle of a CMS load process, so it does have the same privileges as the CMS itself. How can i go around this? I only want outside visitors not to be able to access these files, not my installation of CMS itself.

1 Answers1

0

If you are using a URL as the argument to getimagesize(), the request goes to web server, which will do what you have told it to do, that is, deny access to it.

You need to either use a filesystem path as the argument, or allow the IP address of your web server to access those files. You can see that IP address in your Apache access.log.

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63
  • Thanks for the answer. But as i mentioned in the error log, it is pointing to the folder name using absolute path (`C:\apache\htdocs\...`) –  Feb 20 '17 at 14:06
  • 1
    Then the most likely reason is the usage of Windows / MS-DOS style paths, and `getimagesize()` thinks this is a URL because of the colon. If possible, try to use relative paths. – Tero Kilkanen Feb 20 '17 at 14:10
  • This question is related to both php and Apache though. Can i update my question about getting image's dimension using related path or i have to ask another on stackoverflow? –  Feb 20 '17 at 14:16
  • Relative path is like `..\path\to\file`. Or in this case, you could use a relative path to the drive: `\path\to\file`. – Tero Kilkanen Feb 20 '17 at 14:28
  • Just one last thought. I was wondering to give a single php file full access to my images using `htaccess. Is it possible? –  Feb 20 '17 at 14:35
  • You allow just the IP address of the server, that is the easiest way. – Tero Kilkanen Feb 20 '17 at 14:51
  • But the ip is shared, i would do it if i had a dedicated ip address for my server. Thanks anyway, i will update the question and see what can i get. –  Feb 20 '17 at 14:54