File: gallery1-admin.securing.html

gallery 1.5.4-3
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Securing Gallery</title><meta name="generator" content="DocBook XSL Stylesheets V1.64.1"><link rel="home" href="index.html" title="Gallery Manual"><link rel="up" href="gallery1-admin.html" title="Chapter2.Gallery 1.x Administration Guide"><link rel="previous" href="gallery1-admin.embedding.html" title="Embedding Gallery"><link rel="next" href="gallery1-admin.backup.html" title="Backup and Restore"><link rel="stylesheet" href="html.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Securing Gallery</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="gallery1-admin.embedding.html">Prev</a></td><th width="60%" align="center">Chapter2.Gallery 1.x Administration Guide</th><td width="20%" align="right"><a accesskey="n" href="gallery1-admin.backup.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="gallery1-admin.securing"></a>Securing Gallery</h2></div></div><div></div></div><div class="toc"><dl><dt><span class="sect2"><a href="gallery1-admin.securing.html#gallery1-admin.securing.basic-auth">Basic Authentication</a></span></dt><dt><span class="sect2"><a href="gallery1-admin.securing.html#gallery1-admin.securing.additional">Additional Album Security</a></span></dt></dl></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="gallery1-admin.securing.basic-auth"></a>Basic Authentication</h3></div></div><div></div></div><p>
   Basic HTTP Authentication allows you to add a second layer of security to
   your Gallery.  It also prevents people from being able to "hotlink" albums directly
   from your albums directory.  The disadvantage is that basic HTTP authentication
   isn't integrated with Gallery's own authentication.  This means that if you want to
   give users permissions in the Gallery authentication system (e.g. to add
   pictures) they will have to log in <span class="emphasis"><em>twice</em></span>.  As such, this
   may not be the best solution for everyone, though it is the most secure.
   </p><div class="mediaobject"><img src="images/basic-auth.gif"><div class="caption"><p>  
      Example of Basic HTTP Authentication (Mozilla)
     </p></div></div><p>
  </p><p>
   Setting up basic authentication is relatively simple.  It can get a little
   complex or annoying if you don't do certain things, however.  For instance,
   I recommend putting your albums directory <span class="emphasis"><em>inside</em></span> your
   main Gallery directory, as a sub-directory.  This makes it easier to protect.
   If it's not already there, it's easy to move: move it, then rerun the
   <a href="gallery1-install.config-wizard.html" title="The Configuration Wizard">configuration wizard</a>.
  </p><p>
   Now that you have the preliminaries, edit the <tt class="filename">.htaccess</tt> file in your gallery
   directory.  Add the following:
   </p><pre class="screen">
    # Realm name shown in the browser's login prompt
    AuthName "My Gallery"
    # Password file created with htpasswd (see below); give the absolute path
    AuthUserFile /path/to/gallery/directory/.htpasswd
    AuthType Basic
    # Any user listed in the password file may view the gallery
    require valid-user
   </pre><p>
  </p><p>
   Now you need to create the <tt class="filename">.htpasswd</tt> file which will contain
   the usernames and password hashes.  If you have shell access, use the <span><b class="command">htpasswd</b></span>
   command, e.g. <span><b class="command">htpasswd -c /path/to/gallery/directory/.htpasswd [username]</b></span>.
   After you add the first user, run the same command for each further user without the -c flag
   (-c creates the file and would overwrite the existing entries).
  </p><p>
   If you don't have shell access, you'll have to create the .htpasswd file manually.
   There are some web-based pages that will help you, for instance
   <a href="http://www.xs4all.nl/~remcovz/htpasswd.html" target="_top">this page</a>.  Enter
   the username and password, and add the resulting entry to the .htpasswd file in your Gallery directory.
   Each username and password hash should be on a separate line.
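The shape of those entries, as an added example that is not part of the Gallery manual: this Python script writes and checks entries in the <tt class="literal">{SHA}</tt> form that Apache's <tt class="command">htpasswd -s</tt> produces (unsalted SHA-1, base64-encoded), which can be reproduced without the htpasswd binary; the usernames and passwords are constructed.

```python
import base64
import hashlib
import hmac
from pathlib import Path

# Added example, not from the Gallery manual: .htpasswd entries in Apache's
# "{SHA}" form, i.e. username:{SHA}<base64(sha1(password))>, one per line.
# {SHA} is unsalted; it is used here only because it is easy to reproduce by
# hand. Prefer "htpasswd -B" (bcrypt) wherever your Apache supports it.

def sha_entry(username: str, password: str) -> str:
    """Return one .htpasswd line for username with a {SHA} password hash."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and must not contain ':'")
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{username}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"

def check_entry(line: str, password: str) -> bool:
    """True if the {SHA} entry on this line matches the given password."""
    _user, _sep, hashed = line.rstrip("\n").partition(":")
    if not hashed.startswith("{SHA}"):
        return False  # crypt, $apr1$ and bcrypt entries are not handled here
    expected = hashlib.sha1(password.encode("utf-8")).digest()
    stored = base64.b64decode(hashed[len("{SHA}"):])
    return hmac.compare_digest(stored, expected)

def upsert_user(lines: list[str], username: str, password: str) -> list[str]:
    """Replace the entry for username (or append one), keeping other users."""
    kept = [l for l in lines if l.partition(":")[0] != username]
    kept.append(sha_entry(username, password))
    return kept

def write_htpasswd(path: Path, lines: list[str]) -> None:
    """Write the entries, one per line, with a trailing newline."""
    path.write_text("\n".join(lines) + "\n", encoding="ascii")

if __name__ == "__main__":
    # Constructed users; Apache reads the file named by AuthUserFile.
    entries = upsert_user([], "alice", "correct horse")
    entries = upsert_user(entries, "bob", "battery staple")
    write_htpasswd(Path("htpasswd.example"), entries)
    print("\n".join(entries))
```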
  </p><p>
   After you have that set up, basic authentication should work!
  </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    Because you edited your <tt class="filename">.htaccess</tt> file in your Gallery directory, you will
    have to re-add these lines if you re-run the configuration wizard.
   </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="gallery1-admin.securing.additional"></a>Additional Album Security</h3></div></div><div></div></div><p>
   Because of Gallery 1.x's design, the albums directory must be in a publicly
   accessible directory.  So, some people who want extra privacy will want
   to prevent spiders, search engines, and hotlinkers from stealing the images
   and bandwidth, while still granting regular users access.
  </p><p>
   To do this, we will use Apache's mod_rewrite module.  Your server
   must have this module installed.  See the Apache
   documentation for more information.  Additionally, if, when you
   installed Gallery, the config wizard instructed you to add lines to
   your httpd.conf to allow .htaccess files to work, then you should
   review those lines and add something similar to httpd.conf for your
   albums directory.  Otherwise, your changes to .htaccess may not
   have any effect.
  </p><p>
   Basically, what we'll do is only allow Apache to serve the images to people
   who are coming from <span class="emphasis"><em>your</em></span> site.  We do this by checking
   the referrer (misspelled in the HTTP RFC as "referer").  Add the
   following lines to a <tt class="filename">.htaccess</tt> file in your <span class="emphasis"><em>albums</em></span> directory,
   <span class="emphasis"><em>NOT YOUR GALLERY DIRECTORY</em></span> (you will have to create the
   <tt class="filename">.htaccess</tt> file in your albums directory, unless you've added something before).
   </p><pre class="screen">

&lt;IfModule mod_rewrite.c&gt;
	RewriteEngine On
	# Refuse the request when the Referer is NOT a page of your own gallery
	# (an empty Referer, e.g. a typed-in URL, also fails this test) ...
	RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/gallery.*$ [NC]
	# ... AND the client is NOT on shutterfly.com (the leading "!" makes this
	# an exemption; consecutive conditions are ANDed).  %{REMOTE_HOST} only
	# holds a hostname when HostnameLookups is On, otherwise it is the IP.
	RewriteCond %{REMOTE_HOST} !^.*\.shutterfly\.com$ [NC]
	# In a per-directory .htaccess the pattern is matched against the path
	# relative to the albums directory, so there is no leading "/albums/".
	RewriteRule .*\.(jpg|gif|avi|png)$ - [F]
&lt;/IfModule&gt;

   </pre><p>
   Obviously, change <tt class="literal">http://www.example.com/gallery</tt> to
   the real address of your <span class="emphasis"><em>gallery</em></span> directory.
   The RewriteRule pattern, which ends in <tt class="literal">\.(jpg|gif|avi|png)$</tt>,
   selects the image and movie files in your albums directory.  It is a regular
   expression; you can find more information about regular expressions by
   searching Google or buying a book.
   The line regarding shutterfly.com exempts clients connecting from
   shutterfly.com from the ban.  This allows users to still be able to use
   ShutterFly.
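As an added example, not code from the Gallery manual: a Python model of the decision the albums-directory .htaccess makes, with the shutterfly.com condition negated so that it acts as the exemption the text describes. The gallery URL, the hostnames and the sample requests are constructed.

```python
import re

# Added example, not from the Gallery manual: a model of the albums-directory
# .htaccess so you can see which requests it refuses before deploying it.
# mod_rewrite semantics reproduced here: consecutive RewriteCond lines are
# ANDed, a leading "!" negates a condition, [NC] ignores case, and the
# RewriteRule fires only if every condition holds and its pattern matches.

OWN_GALLERY = "http://www.example.com/gallery"      # assumed gallery URL
EXEMPT_HOST = r"^.*\.shutterfly\.com$"               # exempted client hosts

def referer_is_foreign(referer: str) -> bool:
    r"""RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/gallery.*$ [NC]"""
    # An empty Referer (typed-in URL, privacy extension) counts as foreign too.
    return re.match(re.escape(OWN_GALLERY) + r".*$", referer, re.I) is None

def host_is_exempt(remote_host: str) -> bool:
    r"""RewriteCond %{REMOTE_HOST} !^.*\.shutterfly\.com$ [NC] (negated in decide)"""
    # %{REMOTE_HOST} only holds a name when HostnameLookups is On; with the
    # default Off it is the client IP and this exemption never matches.
    return re.match(EXEMPT_HOST, remote_host, re.I) is not None

def is_image_path(rel_path: str) -> bool:
    r"""RewriteRule .*\.(jpg|gif|avi|png)$ - [F]  (path relative to albums/)"""
    # No [NC] on the rule, so an uppercase extension such as .PNG is served.
    return re.match(r".*\.(jpg|gif|avi|png)$", rel_path) is not None

def decide(referer: str, remote_host: str, rel_path: str) -> int:
    """HTTP status the rules would produce: 403 (forbidden) or 200."""
    blocked = (referer_is_foreign(referer)
               and not host_is_exempt(remote_host)
               and is_image_path(rel_path))
    return 403 if blocked else 200

# Constructed sample requests: (Referer header, remote host, path under albums/)
SAMPLES = [
    ("http://www.example.com/gallery/view_album.php", "203.0.113.5", "trip/a.jpg"),
    ("", "203.0.113.5", "trip/a.jpg"),                        # direct hotlink
    ("http://other.example.net/page.html", "203.0.113.5", "trip/a.jpg"),
    ("", "upload1.shutterfly.com", "trip/a.jpg"),            # exempted host
    ("", "203.0.113.5", "trip/a.PNG"),                        # case slips through
]

def run_samples() -> list[int]:
    return [decide(*s) for s in SAMPLES]

if __name__ == "__main__":
    for sample, status in zip(SAMPLES, run_samples()):
        print(status, sample)
```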
  </p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="gallery1-admin.embedding.html">Prev</a></td><td width="20%" align="center"><a accesskey="u" href="gallery1-admin.html">Up</a></td><td width="40%" align="right"><a accesskey="n" href="gallery1-admin.backup.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Embedding Gallery</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">Backup and Restore</td></tr></table></div></body></html>