I have a problem that is related to the URL of the images if I use a subdomain.
For example, if the image is located at address
http://www.mydomain.com/images/photo.jpg
And if I want to use subdomain to speed up page load, in this case subdomain is:
http://img.mydomain.com
How should look like the url to the image foto.jpg if I use subdomain?
The path for subdomain:
/home/mydomain/public_html/img/
The path for images folder:
/home/mydomain/public_html/images/
just add an alias to your img subdomain and keep the same structure. This way if you need to change in the future it will be transparent
edit:
is also good to have more than one subdomain for assets. like img01 img02 and so on. But be these subdomains consistent.
like if you have the image image1.jpg that targets to
http://img01.domain.com/images/image1.jpg
the next time the imagen appears in the code should appear as
http://img01.domain.com/images/image1.jpg
AND NOT as
http://img02.domain.com/images/image1.jpg
so the cache can optimize the calls.
I usually use this formula
return sprintf("http://img%02s.domain.com", abs(crc32($imagename) % (9)));
this way the subdomain will be always consistent with the image name
edit 2:
Browsers limit the amount of connection opens peer server. So by having multiple subdomains you are faking this and therefore improving the load speed of the page.
But in the other hand if for a same image you load it from more than one different server the browser's cache can't operate because it doesn't know that you want to load the same image.
So by hashing the image name you are obtaining always the same server and then obtaining the best of both worlds: more connections opens AND browser caching
If your subdomain's document root is:
/home/mydomain/public_html/img/
And your images at are:
/home/mydomain/public_html/images/
Then you will not be able to access them. You'd have to navigate to http://img.mydomain.com/../images/photo.jpg which, for very obvious security reasons, is not possible.
Your subdomain's document root should instead be:
/home/mydomain/public_html/images/
And then your URL is:
http://img.mydomain.com/photo.jpg
Related
I have one dynamic website with back end control panel which contains ckEditor for data entry. ckEditor inserts images with path like: /userfiles/image1.jpg and when I call page to display on user interface it shows perfect if I access it from main url but due to some reasons few section we have to move on a sub folder and when I access same page from that subdomain it fails in displaying image.
when I checked url of the image, it shows like:
app1.mysite.com/userFiles/image1.jpg But the actual path is:mysite.com/userFiles/image1.jpg.
Is there any trick or technique to solve this?
I am using PHP.
You can define a <base> in your <head>:
http://www.w3schools.com/tags/tag_base.asp
To do ist with PHP is hard. Changing it beforehand to an absolute URL might be the best way, changing it afterwards means HTML scanning, finding the images, check wether the url is absolute or relative and change it, if needed.
I am currently trying to develop an image uploading website by using CodeIgniter.
The thing is, I came across an issue today and I would really appreciate any kind of help in order to solve it.
So basically, the site is working. But the thing is, that the files are not private. A user may want to ensure that the files the users upload are only visible by them, and not by someone who just guesses a bunch of urls. (eg. user1 uploads image1 which he wants to keep private, for himself =>[localhostlocalhost/upload_script/files/image1.jpg], user2 can access image1 by guessing and typing the url [localhost/upload_script/files/image1.jpg] which is what we don't want to happen. )
I have done some research and I think that this would probably require another controller for serving the files (which checks for session data).
I have been "playing" with sessions etc in PHP for quite some time in the past, but I am not that familiar with them in CodeIgniter.
Is this the only way? I don't think I need to create separate directories for each user, do I? Can you please tell me how to head to the right direction or give me an example?
Thanks in advance,
harris21
In order to protect files, you will need keep them outside of your web root, otherwise people will always be able to url hack their way round.
I have used the very handy mod_xsendfile for apache (if you have that kind of access to your server) which will allow you to serve files that can be protected by access control and not accessed without the appropriate credentials.
Code snippet that you could put in your CI controller to display an image (adapted from the mod_xsendfile page):
...
if ($user->isLoggedIn())
{
header("X-Sendfile: $path_to_somefile");
header('Content-Type: image/jpeg');
exit;
}
If you cannot install mod_xsendfile then your only other option would be to use readfile() as TheShiftExchange says.
Use PHP to return images and lock the image directory behind the webserver root. This way, before serving an image you can check the user credentials via session variable, assuring that he is allowed to view the image. Otherwise you can redirect the user straight back to the website alerting him he does not have access. Serving images like this is way slower than just serving them via webserver (apache, nginx,...) but it will enable you to have control over the downloading of the images.
To be more exact, save the image details in a database, for example having columns: id, file_path, title, uid. Everytime a user wants to download an image for example calling http://domain.com/files/download/3 you can check if image with id 3 can be downloaded for the currently logged in user. You need to write your own controller that will be doing that.
I am doing a similar thing here http://www.mediabox.si/ you can check how images are served. I am allowing thumbnail images and I am watermarking larger images visible to ordinary visitors.
The ONLY way is to store the images outside the public_html. Otherwise by definition you are opening the file to direct access.
Use a controller to check if the user is allowed to access the file and the php function readfile() to serve the file
You can read some code at one of my other questions here: Does this PHP function protect against file transversal?
And this is actually VERY fast - you won't notice a performance hit at all
I suspect that this is impossible, but I'm trying to be optimistic...
I'm running a site that uses jquery & php. Via ajax, I'm dynamically loading images to a page. The problem is that the paths to the images are visible when you view the source of the page. I'm trying to figure out if it's possible to prevent the path from displaying? I just don't want anyone seeing those paths or being able to access them. So, I don't know if there's some sort of magical programming solution or something to do with htaccess, but if anyone knows how to accomplish this, I'd appreciate pointers / links / or brilliance...
As the browser needs to know where to fetch the data from, it cannot be hidden easily.
But you can it make the "attacker" a little bit harder. E.g., you can give URLs with a script behind loading the given images. The script does so only if called with the correct Referer: header.
Are Data URIs an option for you?
If not, preventing hotlinking (via Referer) would be the way I would do it, possibly with some obfuscation (depending on your user base).
Everything that's visible to the browser is visible to the clever user in one way or the other
You can hide them from lamers, but not from programmers
Anti-lamer techniques can include:
1) setting data-mangled-src attribute to something like ROT13(real-src), then doing
$('img').each(function () { $(this).attr('src', ROT13($(this).data('mangled-src')))})
2) setting some data-id attr, then AJAX-requesting the src from the server
But anyway, the URL goes to the browser, then it's visible to the user
3) And, of course, you can load your images into flash 'viewer', which is probably the most advanced way of hiding them
So... If you make the load path an internal link in php Requested through Ajax that should hide the path in network inspector... By this I mean maybe query a db that generates a temp path to the image that expires...
Then with the loaded image you could save it a canvas element... Thus no src
There are a few ways you can go about hiding image URLs.
Use a plugin: you can use flash, a java applet, etc to load the images
Use a traffic cop: you can set the source of all the images to a single PHP script, with some kind of parameter to specify which image you want. That script can check sessions variables / referer / whatever you want; if everything checks out, you can do a file_get_contents() to load the actual url of the image, then echo that out to the browser.
I've created a website to help you hide the image src of your precious photos and images.
My website will hide the source path of your image, and it also allows you to 'Lock' your photo to a specific domain eg. example.com so that the photo will only display example.com and not on facebook.com or wherever the link to the photo is reposted.
http://hideimgsrc.com
It's easier and faster than a java script based solution.
How can I know when an image (generated with PHP) is called from my website or from another one?
I have tried with
if(eregi("mydomain.com", $_SERVER[SERVER_NAME])
but seem return always true even if
<img src='..linktofilephptogeneratetheimage..' >
is located on anther server
Thanks
You'll want to use $_SERVER['HTTP_REFERER'] to get the page that refers to the image. Then match this path against the domain you're expecting the image to be accessed from (your own site).
If it's acceptable, then serve the image; if not, then echo a dummy image or something else.
Note: This variable can be manually edited by some web clients, but if you're simply trying to avoid people using your site to serve images on other pages, it should be reliable enough.
I need to redirect the url which is accessing the site images to the appropriate contents section of the site for example . the image test.jpg is used in the section http://www.mysite.com/article1 and my image path is domain/images/test.jpg if any user browse the image directly by this url domain/images/test.jpg . i would like to redirect to the article section.
What you are trying to do is kind of working against the principles of the web. A web browser loads that image of yours the same way if someone reads the article as it does when somebody accesses the image "directly".
If you only want to disable access to browsing your image collection, i.e. the directory listing of the images, that's fine and you can easily disable that in your web server.
However -- and I think that's what you are trying to do -- if you try to find out the difference how somebody accesses an image, either while reading "article1" or by loading it "directly", then things get complicated. You could use some kludges like setting cookies in the article and that you check for when loading the image... But it is probably more trouble than it's worth.