I have thousands of files are saved in Yaws media server but files can be accessed by typing URL "like www.domainname.com/images/1.jpg", I want to block user to accessing files from URL - only authorized users can access files.
Asked
Active
Viewed 98 times
1 Answers
2
You can add an auth block to your server configuration and use a .yaws_auth file to allow only authenticated access to your media directory. For example, if your images dir is directly under your server docroot, add an auth block like this to your server configuration:
<auth>
dir = images
realm = yourrealm
</auth>
You can then add a .yaws_auth file to the images directory, where each line of the file contains username and password in the form of an Erlang tuple:
{Username, Password}.
Don't forget to end each line with a '.' character.
See the Yaws configuration documentation for more details.
Steve Vinoski
- 19,847
- 3
- 31
- 46
-
thank you for help. I have the same issue i follow your answer but when i copy-paste URL in browser address bar and press Enter key image visible but when press F5 or refresh page page request username and passwod. – Sunil Singh Apr 15 '16 at 09:02
-
@ Steve Vinoski I have more than 50000 users so i am maintaining user Credentials in db .So how to protect url ? what is best way to doing it ? Here is my question link http://stackoverflow.com/questions/36618177/how-to-prevent-user-to-direct-access-of-url-from-unauthorised-user-in-yaws-webse?noredirect=1#comment60844053_36618177 – Sunil Singh Apr 15 '16 at 09:11
-
@SunilSingh: for the first issue, you're likely hitting a cache. Refreshing the page forces the request to actually go to Yaws, which is working correctly. For the second issue, if you have a database of users, then you need a login system -- see chapter 7 of [the Yaws documentation](http://yaws.hyber.org/yaws.pdf). – Steve Vinoski Apr 15 '16 at 11:35