plainblack.com
Protecting File Assets

User knowmad
Date 2/6/2008 10:34 pm
Views 20521
JT
> Does that mean that when we use Martin's technique of allowing the  
> modperl server to serve images, the process you described above only  
> happens if the file is protected? At which stage in that process  
> does wG short-circuit everyone-viewable files?
>

Yes. Like I said, the process is already highly optimized. However,  
even with this there's still a hit cuz it's still using up one of the  
fat modperl instances to serve up a file, even if it doesn't have to  
instantiate a session.



JT Smith
ph: 703-286-2525 x810
fx: 312-264-5382

Create like a god. Command like a king. Work like a slave.



elnino
what if you used passthruurls - and just stored your files there?

knowmad
> what if you used passthruurls - and just stored your files there?

Thanks for the suggestion but I also need to be able to manage and search the files via WebGUI. I think I'm stuck with File Assets. I'm not too worried about performance for the particular site in question but think this is a bigger issue that needs to be better addressed.

----
Knowmad Technologies
http://www.knowmad.com



JT
Graham came up with an idea we're implementing into WRE 0.8.2 and  
future 7.4.x versions of WebGUI. This set of rewrite rules:

   # Match up to the last / - save the directory in %1
   RewriteCond %{REQUEST_FILENAME}             ^(.*/)
   # if (root + directory + .wgaccess) doesn't exist,
   RewriteCond ${DOCUMENT_ROOT}%1.wgaccess     !-f
   # serve directly
   RewriteRule ^/uploads/                      - [L]

Combined with the existing file privilege check, and a small change to  
the webgui code base that doesn't write .wgaccess files unless the  
file has privileges other than visitor or everyone.

What this gets us is the best of all worlds. All files are served by  
modproxy unless there is a .wgaccess file, then the existing logic  
takes over.


arjan
This is a great idea!

On Tue, 2008-02-19 at 21:50 -0600, jt@plainblack.com wrote:
> JT wrote:
>
> Graham came up with an idea we're implementing into WRE 0.8.2 and  
> future 7.4.x versions of WebGUI. This set of rewrite rules:
>
>    # Match up to the last / - save the directory in %1
>    RewriteCond %{REQUEST_FILENAME}             ^(.*/)
>    # if (root + directory + .wgaccess) doesn't exist,
>    RewriteCond ${DOCUMENT_ROOT}%1.wgaccess     !-f
>    # serve directly
>    RewriteRule ^/uploads/                      - [L]
>
> Combined with the existing file privilege check, and a small change to
> the webgui code base that doesn't write .wgaccess files unless the
> file has privileges other than visitor or everyone.
>
> What this gets us is the best of all worlds. All files are served by  
> modproxy unless there is a .wgaccess file, then the existing logic  
> takes over.
>
>
> http://www.plainblack.com/webgui/dev/discuss/protecting-file-assets/13
>
--
Arjan Widlak
United Knowledge | Politiek-digitaal.nl



Trex

There appears to be an error/typo in JT's post above. The rewrite rules should read:

RewriteCond %{REQUEST_FILENAME}             ^(.*/)
RewriteCond %{DOCUMENT_ROOT}%1.wgaccess     !-f
RewriteRule ^/uploads/                      - [L]

(note the % rather than $ in the second line).

I am posting this information to this older thread for the benefit of others who (like myself) may end up here after searching for information on the site about rewrite rules. Having $ rather than % will cause the second condition to report true, and thus all files requested via their uploads URL to be served out regardless of their permission settings! This typo did make it into some systems, but has been fixed.
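
Added example, not part of the post above or of the WebGUI code base: a Python model of the three rules that evaluates both spellings against a throwaway document root, plus a check that flags the `${NAME}` form in a config file for review. It assumes server-context evaluation (REQUEST_FILENAME equals the URI) and that `${DOCUMENT_ROOT}` is left as literal text, which is the behaviour the post describes; the file names are constructed.

```python
import os
import re
import tempfile

TYPO = "${DOCUMENT_ROOT}%1.wgaccess"    # test string as first posted
FIXED = "%{DOCUMENT_ROOT}%1.wgaccess"   # test string from the correction
PUBLIC = "/uploads/aa/public.pdf"       # constructed path, no .wgaccess beside it
SECRET = "/uploads/bb/secret.pdf"       # constructed path, .wgaccess beside it

def served_directly(uri, docroot, test_string):
    """True when the three rules would hand the file out with no privilege check."""
    # Assumption: server context, so REQUEST_FILENAME still equals the URI.
    m = re.match(r"^(.*/)", uri)                  # first RewriteCond, %1 = directory
    if not m or not uri.startswith("/uploads/"):  # RewriteRule pattern
        return False
    # Assumption: only %1 and %{DOCUMENT_ROOT} expand; ${DOCUMENT_ROOT} stays literal.
    path = test_string.replace("%1", m.group(1)).replace("%{DOCUMENT_ROOT}", docroot)
    return not os.path.isfile(path)               # second RewriteCond, !-f

def demo():
    """Evaluate both variants against a throwaway document root."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("aa", "bb"):
            os.makedirs(os.path.join(root, "uploads", d))
        open(os.path.join(root, "uploads", "bb", ".wgaccess"), "w").close()
        return {name: {u: served_directly(u, root, ts) for u in (PUBLIC, SECRET)}
                for name, ts in (("typo", TYPO), ("fixed", FIXED))}

NOT_A_VARIABLE = re.compile(r"\$\{[^}:]*\}")  # ${NAME} with no "map:key" inside

def lint(conf_text):
    """Return (line number, line) for each RewriteCond whose test string uses ${NAME}."""
    hits = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "rewritecond" \
                and NOT_A_VARIABLE.search(parts[1]):
            hits.append((n, line.strip()))
    return hits

if __name__ == "__main__":
    for variant, result in demo().items():
        print(variant, result)
```

With the `$` spelling the protected file is reported as served directly; with `%` only the unprotected one is.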






© 2019 Plain Black Corporation | All Rights Reserved